[unisog] root level access policies?

Chris Crowley ccrowley at tulane.edu
Mon May 9 16:15:02 GMT 2005

> We use sudo for all root access, but wish we could keep a log of commands
> issued when the user runs:
>     sudo csh
> and then works in the new shell as root. sudo only logs the "csh" command,
> not the commands to the shell itself.

You should take away the privilege of executing a new shell as root.
"sudo" provides granular control, and can prevent the execution of
certain commands.

If the person complains about typing those extra four characters s-u-d-o
before important commands, you could alias the command to sudo for them
"alias rndc='sudo rndc'" for example.

An account with SHELLS has unlimited root access, not granular sudo control.

Christopher Crowley
ccrowley at tulane.edu
(504) 314-2535
Network Administrator
Technology Services
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ccrowley.vcf
Type: text/x-vcard
Size: 158 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050509/b4f774c3/ccrowley.vcf

More information about the unisog mailing list