[Mageia-sysadm] Usernames, uids, and groups

Wed Nov 10 17:57:36 CET 2010

On Wed, Nov 10, 2010 at 01:27:00PM +0100, Buchan Milne wrote:
+>On Wednesday, 10 November 2010 11:55:00 nicolas vigier wrote:
+>> On Wed, 10 Nov 2010, Luca Berra wrote:
+>
+>> > 2) Accountability. No idea in France, but here system administratros
+>> > need to be accounted (*).
+>> 
+>> When someone runs "sudo su -" or something equivalent there is no
+>> accountability on what he did after that.
+sure, except the fact itself :P
+
+>Don't ever give blanket unaudited sudo. For editing files, provide sudoedit 
+>rules. For commands that can not be specified in advance:
+
+note that current sudo has a bug regarding wildcards,
+
+http://www.gratisoft.us/bugs/show_bug.cgi?id=449
+
+>(this one requires a bit of setup, but is superior)
+># urpmi eash
+>
+>or consider sudosh (but, it only logs locally, so I didn't package it).
+
+newer sudo implement the logging functionality, so sudosh is no longer
+needed
+
+as for the local log only with sudosh i had implemented by making it log
+on an nfs share (with root_squash), thus preventing admins on nfs client
+to muck with the logs.
+
+i will look at EAS tough, seems interesting.
+
+
+-- 
+Luca Berra -- bluca at vodka.it
+