[PLUG] sudo to root question

Michael Rasmussen michael at jamhome.us
Fri Apr 25 17:33:16 UTC 2008


On Fri, Apr 25, 2008 at 01:20:37PM -0400, Dan Roberts wrote:
> Might anyone be willing to offer what "root" like sudo commands you may
> allow your power users to perform?
> I am getting shredded on trying to implement a policy that says no one
> is to have full sudo to root access..But I am also arguing that it is a
> reasonable approach to all specific sudo to root acccess to a LIMITED
> command subset..
> What might be those command subset in your experience that seems
> reasonable?

Reasonable or not, at my workplace sudo rights are only assigned and allowed
on a "need to do it for your job function" basis.  There's no generic listing
of what's reasonable.  

This is backed up with security department held root passwords and passwords
to accounts with elevated, even with full root sudo, privleges.  These are
used when the pre-defined sudo lists prove insufficient to resolve an issue.

-- 
      Michael Rasmussen, Portland Oregon  
    Be appropriate && Follow your curiosity
  The fortune cookie says:
You will never know hunger.




More information about the PLUG mailing list