Security, Accountability, and Applications Staff

Adam Brons abrons at odu.edu
Mon Feb 10 12:24:10 GMT 2003


This issue seems to follow me around everywhere I go.  Applications
staff need certain levels of access to the operating system for whatever
reason they come up with, and most vendors know how to spell security
but rarely know how to integrate it into their software.  So you're
faced with the battle of keeping a secure system, keeping least
privilege, while allowing the applications staff to still get their work
done.

Currently the battle is with educating applications staff to use sudo
instead of having a "generic" vendor account.  We're currently trying
to come up with a reasonable workaround for apps staff needing to log
in as oracle in order to get stuff done.  We'd rather they use sudo and
run as oracle, but they've run into some roadblocks and are ready to
cry foul.  The apps staff has told us that Oracle does not support sudo,
therefore Oracle won't support troubleshooting issues with sudo and
their software.

My questions are:

1) Has anyone come up with a workaround for this problem, or another
way of handling the problem altogether?

2) What have other universities done to keep least privilege on systems
where applications staff need more than user access?


-- 
Adam Brons           Systems Engineer / Unix Support Group
                     Office of Computing and Communications Services
                     Old Dominion University - Norfolk, Virginia. USA

DSA ID 7680A17E: 7E88 F9EC 0799 3260 49DA  DB77 0327 D32B 7680 A17E


