Operating System - HP-UX

root access - who needs it?

Sorrel G. Jakins
Valued Contributor

root access - who needs it?

At the behest of the external auditors our OPS department has removed all access to 'root' from my techies. If there is a problem on a production server the root id is temporarily changed for that server only. After an hour it goes back to OPS.

The techies feel frustrated with this change and some have walked. What do the rest of you do?
5 REPLIES
Alan Riggs
Honored Contributor
Solution

Re: root access - who needs it?

I use sudo, restricted SAM, and openview actions to open very specific root (or other user) activities to operators and local admins.
Jim Moffitt_1
Valued Contributor

Re: root access - who needs it?

You should download sudo from HP's Software Porting and Archive Center for HP-UX: http://hpux.cs.utah.edu

You can set up lists stating commands that your ops department can use. And your auditors will love it because it leaves an audit trail in your syslog and an sudolog. All your ops people need to do is:

sudo

I'm still new to it myself, but it's working really well. Hope this helps.
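
A sudoers fragment showing the kind of setup the replies above describe, added here as an illustration and not posted by anyone in this thread. The user names, host names, alias names, command lists, mail address and log path are assumptions to be replaced with the site's own.

```sudoers
# /etc/sudoers fragment; edit it only through visudo.
# Every name and path below is a constructed example.

# Audit trail: record each sudo invocation in syslog and in a separate file.
Defaults    syslog=auth
Defaults    logfile=/var/adm/sudo.log
# Report failed password attempts to the people who answer to the auditors.
Defaults    mail_badpass
Defaults    mailto="ops-audit@example.com"
# Ask for the user's own password again after 5 minutes.
Defaults    timestamp_timeout=5

# The technicians who no longer hold the root password.
User_Alias  TECHIES   = asmith, bjones

# The production servers the rule applies to.
Host_Alias  PRODHOSTS = prod01, prod02

# Specific root tasks, named by full path. Where arguments are listed,
# only those exact arguments are allowed.
Cmnd_Alias  DIAG      = /usr/sbin/ioscan, /usr/sbin/vgdisplay, \
                        /usr/sbin/lvdisplay
Cmnd_Alias  SERVICES  = /sbin/init.d/cron stop, /sbin/init.d/cron start
Cmnd_Alias  STORAGE   = /usr/sbin/lvextend, /usr/sbin/extendfs

# Too broad: this is the root password under another name, and the log
# then shows little more than "someone started a root shell".
# TECHIES   ALL = (ALL) ALL

# Restricted: listed commands only, as root, on production hosts only.
# Keep editors, pagers and shells out of these lists, since any of them
# can start an unrestricted root shell.
TECHIES     PRODHOSTS = (root) DIAG, SERVICES, STORAGE
```

`visudo -c` checks the file's syntax before it takes effect, and `sudo -l` shows a user which commands they are allowed to run.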

Tim D Fulford
Honored Contributor

Re: root access - who needs it?

If I understand you correctly, the guys who monitor the system have root access but the guys who fix the system do not!!! The cart before the horse.

Try sudo, it allows non-root users to have logged root access. It is configurable to allow users etc. to have access to some commands and not others.
Look at
http://www.courtesan.com/sudo/sudo.html
-
Vincenzo Restuccia
Honored Contributor
Thierry Poels_1
Honored Contributor

Re: root access - who needs it?

Hi,
Years ago as a programmer I was the one who was in need of more privileges, root access, etc. Always trying to get around limitations, trying to get out of those nasty menu systems those evil sysadmins put us in. The stupid sysadmins couldn't understand that we needed root privileges sometimes, that we knew very well what we were doing, and if something would go wrong they had backups, didn't they, that was their job.

Now I'm a sysadmin, now I'm root :) and I never never never (almost never) give the root password to those stupid programmers or third party consultants who might ruin "my" system. There are enough horror stories of programmer or other "guest" root accounts who ruined a system after a little typing error or another mistake. And then they say those horrorful words "Do you have a backup??". And the sysadmin can work overnight or through the weekend (again!) to recover the damage made.


(just) a little bit exaggerated but root access has to be / should be / must be limited; that's what unix is all about ;-)

regards,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.