Subject: | |
From: | |
Reply To: | |
Date: | Mon, 12 Apr 2021 10:38:13 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Probably not applicable to many installations, but when I was the sole admin for
a couple of compute clusters, raid systems, and numerous backend servers,
*everything* I did required root privs, so I just set them all up so when I
ssh'd in, I was root. Didn't have time to mess with the extra sudo steps to be
root, as I was in and out of my systems constantly all day long.
Never once did that bite me.
Although, I would use a sudo config to allow certain trusted engineers or
professors on just specific systems to run specific apps/commands that needed
root privs, which also generated an audit trail in the logs, and an email to me,
of what commands they invoked (or tried to invoke) - just in case they tried to
do something they shouldn't.
But my methodology is definitely not for installations with two or more admins.
- Larry
~Stack~ wrote on 4/11/21 9:39 PM:
> > On 2021-04-07 9:28 a.m., Teh, Kenneth M. wrote:
> >> If you need to run a lot of commands as root, the easiest sudo method
> >> is simply 'sudo su -' which makes you into root. The trailing '-'
> >> does a login which replaces your environment with root's.
--
P. Larry Nelson (217-693-7418) | IT Administrator (retired)
810 Ventura Rd. | High Energy Physics Group
Champaign, IL 61820 | Physics Dept., Univ. of Ill.
MailTo: [log in to unmask] | https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_&d=DwID-g&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=DLa1FvIiUtnD-PEy34KAo3p4WSwAisBUV0ZnfTtR1lM&s=gdBbjcMggx3ArhRhnpgki6hz28AXRel_j3RZ5vdsaEI&e=
-------------------------------------------------------------------------------
"Information without accountability is just noise." - P.L. Nelson, 04/06/2001
|
|
|