root access for end users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



After a battle of years, "academic freedom" was invoked and very senior management, in its infinite wisdom, has decided that our users (mostly researchers) should have root access (or full sudo, which amounts to the same thing) to their Linux workstations.

Does anybody have experience running a Unix/Linux network like this?

Remember full sudo means the ability to 'sudo su' and become any other user, making permissions (even across NFS) useless. It also means the ability to play with/pilfer/replace Kerberos keytabs, allowing one to impersonate any box to which they have access. The support nightmare cannot be used as an argument against this because users have convinced management that "that's what support is for."

All I can do is control the servers and decide how services will be presented and which hoops users should go through to be able to use server resources.

The current environment is basically Kerberos authentication, NIS authorization and NFS/CUPS services. Most of the clients are owned, built, maintained and supported by my organization, but some users will use their new found freedom to build/buy their own boxes.

The plan is to move away from NIS to LDAP and from NFS to AFS.

What other problems do people see? Any thoughts and suggestions will be greatly appreciated.

TIA!

Yuri
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Newbie]     [Audio]     [Hams]     [Kernel Newbies]     [Util Linux NG]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Device Drivers]     [Samba]     [Video 4 Linux]     [Git]     [Fedora Users]

  Powered by Linux