[nSLUG] Dealing with a superior who believes they need root

Robert McKay robert at mckay.com
Fri Nov 3 17:20:40 AST 2006


Set up a change control system and insist that all changes have to be
signed off. If the person continues to make unauthorized changes then
take that up with their boss.

On 11/1/06, D G Teed <donald.teed at gmail.com> wrote:
> This is not specific to Linux, but as it touches on best practice for
> *nix, I thought it might be an interesting discussion for the group.
>
> This happened to a friend of mine...
>
> Suppose your *nix savvy boss is laid off, a junior manager is
> made into your new boss, and they know Windows and
> networking and just enough Perl to be dangerous.
>
> The new boss has root access to the DHCP/DNS server
> through legacy arrangement, and uses it to update
> host management shell and Perl scripts.  In the course
> of doing that, (a) a cron script is left in an edited and untested state,
> breaking DHCP, (b) /etc/init.d/dhcpd is edited for the sake of
> the cron (rather than making PATH set in a wrapper script),
> and (c) a dhcpd.log archive is accidentally deleted.
>
> After the third problem, the sys admin asks the boss's boss
> if they can remove the boss with root from that level of
> access and use groups for read only access that the
> network staff need to use.  However the boss's boss
> knows little about IT - is a financial manager actually.
>
> The challenge is: how to demonstrate to the boss's boss
> that the boss is breaking good *nix sysadmin practices
> and should leave the sysadmin tasks to those with
> experience and knowledge of good practice.
>
> To put it another way: where can one find an authority source
> a non-IT person can understand, which discusses best practices
> for *nix sysadmin and security - possibly in condensed reading
> format rather than full book.
>
> --Donald
