[NTLUG:Discuss] DistroWatch 10 Most Popular Linux Distros
Chris Cox
cjcox at acm.org
Fri Apr 3 16:01:03 CDT 2009
On Fri, 2009-04-03 at 15:49 -0500, Kenneth Loafman wrote:
...
> At some point, the admin, or the first user, has to be able to get into
> a root shell. You can only type sudo so many times before your hands
> cramp up. Convenience will win over security if you make it onerous.
As a less secure "middle" we use "sudo rootsh" which invokes a shell
with all inputs and ouput logged... of course, it's pretty easy as
root to tank all of that logging. Mainly done so multiple people
could do shell things and we wouldn't leave a mystery behind as
to "who did what".
Oddly, our Global Security team liked it so much they implemented
it before I did.
There's a REALLY old NTLUG presentation (go WAY back) on it.
More information about the Discuss
mailing list