[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] Security tokens

To: sage-members@usenix.org
Subject: Re: [SAGE] Security tokens
From: David Wolfskill <david@catwhisker.org>
Date: Tue, 21 Jan 2003 10:12:20 -0800 (PST)
In-Reply-To: <20030121175701.4941DA1@gray.impulse.net>
Sender: owner-sage-members@usenix.org

>From: Ted Cabeen <secabeen@pobox.com>
>Date: Tue, 21 Jan 2003 09:57:01 -0800

>We try to use sudo for sysadmin tasks here too, but you need to make sure that
>your policy is flexible enough to deal with the specifics of your systems as
>well.  We discourage the use of "sudo <shell>" because it breaks auditing, but
>we have to use it from time to time when we need to glob through a set of
>non-world readable/executable directories.  Our policy recognizes that when 
>your working on the mail system, "sudo <shell>" is usually okay, although if 
>you're always using it, that's something to look at.

For such cases, using "sudo script /var/log/<some appropriate file>" may
well be a more useful alternative.

YMMV, void where prohibited, texed, or otherwise restricted....

Cheers,
david       (links to my resume at http://www.catwhisker.org/~david)
-- 
David H. Wolfskill				david@catwhisker.org
I have no confidence in results obtained through the use of Microsoft products.

References:
- Re: [SAGE] Security tokens
  - From: Ted Cabeen <secabeen@pobox.com>

Prev by Date: Re: [SAGE] Security tokens
Next by Date: Re: [SAGE] Security tokens
Prev by thread: Re: [SAGE] Security tokens
Next by thread: Re: [SAGE] Security tokens
Index(es):
- Date
- Thread