
[ale] Access Control Challenge



One of my first experiments.  DBA still needs access to the account, 
but can only do so by using sudo.  The solution I've decided to use is 
to change the user password so that only I know it.  This will force 
everybody who wants to become that user to sudo.  My DBAs won't be 
happy but they'll adjust.

thanks everybody,
wood

On May 24, 2004, at 5:31 PM, Danny Cox wrote:

> Thomas,
>
> On Sun, 2004-05-23 at 01:17, Thomas Wood wrote:
>> Has anyone else found a more elegant solution?  I'd really like to keep
>> my DBAs in the loop, password-wise, but they don't need the password and
>> I think I can prevent them from changing it.
>>
>> Any thoughts?  And no, tcp wrappers doesn't let you filter by username.
>> Oh that it did.  Also, I'm trying to avoid installing a firewall on my
>> DB, so please, no filter rulesets.
>
> 	Will passwd -l (see man 1 passwd) do?  It "locks" the account, only
> allowing root to gain access.  It may close the door too much, though.
>
> -- 
> kernel, n.: A part of an operating system that preserves the
> medieval traditions of sorcery and black art.
>
> Danny
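
An added example, not part of either post: a check that the accounts meant to be reachable only through sudo really have no usable password. It relies on the fact that `passwd -l` from Linux shadow-utils locks a password by prefixing the hash in `/etc/shadow` with `!`; the account names and hashes below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed shadow(5)-format sample; account names and hashes are made up.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHAAAA:19000:0:99999:7:::
dbowner:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHBBBB:19000:0:99999:7:::
dbshared:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHCCCC:19000:0:99999:7:::
dbempty::19000:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin and print the password state of account $1:
#   locked   - field 2 starts with '!' or '*' (no typed password can match)
#   empty    - field 2 is empty (no password required at all)
#   password - a usable hash is present, so direct password login still works
#   missing  - no such account in the input
password_state() {
    awk -F: -v user="$1" '
        $1 == user {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "password"
            exit
        }
        END { if (!found) print "missing" }
    '
}

# require_locked FILE ACCOUNT...
# Return 0 only if every named account is locked; report the others on stderr.
require_locked() {
    file=$1; shift
    rc=0
    for acct in "$@"; do
        state=$(password_state "$acct" < "$file")
        [ "$state" = locked ] || { echo "$acct: $state" >&2; rc=1; }
    done
    return $rc
}

# Usage on a real host (as root): require_locked /etc/shadow dbowner
```

A locked password field only blocks password authentication; root and sudo never need the target account's password, so they are unaffected.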