From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2010-November/000434.html | 92 +++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2010-November/000434.html (limited to 'zarb-ml/mageia-sysadm/2010-November/000434.html') diff --git a/zarb-ml/mageia-sysadm/2010-November/000434.html b/zarb-ml/mageia-sysadm/2010-November/000434.html new file mode 100644 index 000000000..c5df4509e --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000434.html @@ -0,0 +1,92 @@ + + + + [Mageia-sysadm] Usernames, uids, and groups + + + + + + + + + +

[Mageia-sysadm] Usernames, uids, and groups

+ nicolas vigier + boklm at mars-attacks.org +
+ Wed Nov 10 11:55:00 CET 2010 +

+
+ +
On Wed, 10 Nov 2010, Luca Berra wrote:
+
+> On Wed, Nov 10, 2010 at 01:01:21AM +0100, nicolas vigier wrote:
+>> On Tue, 09 Nov 2010, Buchan Milne wrote:
+>>> On Monday, 8 November 2010 17:29:24 nicolas vigier wrote:
+>>> > On some machines like the svn server, we need to use pam_ldap to allow
+>>> > users access with their ldap accounts. But on others servers like
+>>> > alamut (web services), or the build nodes, normal users have no reason
+>>> > to login.
+>>>
+>>> But, sysadm members have a reason, and I see no reason to increase their 
+>>> overhead with local accounts.
+>>
+>> Maybe not on alamut, but on build nodes, I don't think user accounts for
+>> sysadmins will be very useful. The only reason to login to those nodes
+>> will be to check/fix iurt problems, which requires root permissions.
+> i have a couple of doubts with this
+> 1) root password handling: if you plan to use root account to logon to
+> build nodes you have to manage communicating the password securely to
+> all people who would need that.
+
+We don't use password, we use ssh keys added to the root account by
+puppet.
+
+> 2) Accountability. No idea in France, but here system administratros
+> need to be accounted (*).
+
+When someone runs "sudo su -" or something equivalent there is no
+accountability on what he did after that.
+
+
+ + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1