[Intrusions] Requested opinions on Access.
Buelna, Derek
derek.buelna at office.xerox.com
Thu Nov 11 16:30:39 GMT 2004
You may want to consider using sudo. Instead of giving them root, you can give them access to certain commands.
-Derek
-----Original Message-----
From: intrusions-bounces at lists.sans.org [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Wilson, Mark
Sent: Wednesday, November 10, 2004 7:42 AM
To: intrusions at lists.sans.org
Subject: [Intrusions] Requested opinions on Access.
Ladies and Gentlemen;
I have an issue with our Data Base Admins (DBA's) wanting the root passwords for their workstations. We had just recently a DBA run a crack against a shadow file and move the shadow file from one of the Unix machines to a PC.
We staff separate Systems Administrators that normally admin these workstations, and I have a "symbiotic" relation on security issues with our SA's and trust them to perform necessary updates.
Obvious issues aside, I would really like to hear about policies and issues that others have in relation to DBA's having root access.
These DBA's support our Oracle Financials. (ehhh shiver up my spine) that hold all our customer financial information.
I would really appreciate responses to this since it has become a very touchy issue and I'm getting stuck in the middle being the Security person.
Thanks.
Mark Wilson
Communications Analyst / IT Security
Eastern Municipal Water District
2270 Trumble Rd.
Perris Ca. 92572
951.928.3777.4544
www.emwd.org
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions
More information about the Intrusions
mailing list