[ale] Access Control Challenge

Thomas Wood thomaswood at mac.com
Tue May 25 17:20:29 EDT 2004


One of my first experiments.  The DBA still needs access to the account,
but can only do so by using sudo.  The solution I've decided to use is to
change the user password so that only I know it.  This will force
everybody who wants to become that user to sudo.  My DBAs won't be
happy but they'll adjust.

thanks everybody,
wood

On May 24, 2004, at 5:31 PM, Danny Cox wrote:

> Thomas,
>
> On Sun, 2004-05-23 at 01:17, Thomas Wood wrote:
>> Has anyone else found a more elegant solution?  I'd really like to keep my
>> DBAs in the loop, password-wise, but they don't need the password and I
>> think I can prevent them from changing it.
>>
>> Any thoughts?  And no, tcp wrappers doesn't let you filter by username.
>> Oh that it did.  Also, I'm trying to avoid installing a firewall on my
>> DB, so please, no filter rulesets.
>
> 	Will passwd -l (see man 1 passwd) do?  It "locks" the account, only
> allowing root to gain access.  It may close the door too much, though.
>
> -- 
> kernel, n.: A part of an operating system that preserves the
> medieval traditions of sorcery and black art.
>
> Danny


