fellow employees
#1
I just had someone from my department run the following command on one of *my* unix machines (as user root, of course, and the root home area is /)
eurcic1:/ cd /usr1/data/incoming
eurcic1:/ ls
~$myfile
~$myfile1
eurcic1:/ rm -rf ~$myfile
error - can't stat /
error - can't stat /
error - can't stat /
error - can't stat /
^C
It's dead jim!!!
eurcic1:/ cd /usr1/data/incoming
eurcic1:/ ls
~$myfile
~$myfile1
eurcic1:/ rm -rf ~$myfile
error - can't stat /
error - can't stat /
error - can't stat /
error - can't stat /
^C
It's dead jim!!!
#7
you rekion?
Check out the following e-mail!!
As XXXX is in the Siebel team, I am told that they need root access for Siebel administration. Its not very logical to take root permissions away from him on infrastructure servers because the risk is too high, but then continue to allow root access on BCC production systems.
Please advise if we should limit his permissions or just tell him to use root only for Siebel tasks
SHOCKER!
And after I had a 10 minute argument with one of the management about restricting ALL root access to all servers. IMHO, no-one apart from the admins shoud have root access. if you want root access you should write to your manager requesting it with a business need outlined. Otherwise, no way!!
Check out the following e-mail!!
As XXXX is in the Siebel team, I am told that they need root access for Siebel administration. Its not very logical to take root permissions away from him on infrastructure servers because the risk is too high, but then continue to allow root access on BCC production systems.
Please advise if we should limit his permissions or just tell him to use root only for Siebel tasks
SHOCKER!
And after I had a 10 minute argument with one of the management about restricting ALL root access to all servers. IMHO, no-one apart from the admins shoud have root access. if you want root access you should write to your manager requesting it with a business need outlined. Otherwise, no way!!
Trending Topics
#10
Scooby Regular
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
Likes: 0
Received 0 Likes
on
0 Posts
Give them a shell front end to execute their 'admin' tasks. Menu driven with setuid to execute tasks *absolutely* requiring root, trap any attempts at ctrl-c or ctrl-z to stop them shelling out. I'm sure that most of their tasks don't really require root.
The other thing to do is to leave them as is - but insist the department head signs an agreement that next time they fcsk up any problems will be fixed on a 'best effort only, low priority' basis. Wait till they break it and go on holiday for a fortnight.
Steve "You'll never take my root password alive" M
The other thing to do is to leave them as is - but insist the department head signs an agreement that next time they fcsk up any problems will be fixed on a 'best effort only, low priority' basis. Wait till they break it and go on holiday for a fortnight.
Steve "You'll never take my root password alive" M
Thread
Thread Starter
Forum
Replies
Last Post
KOEScoob
ScoobyNet General
6
17 September 2015 03:51 PM