LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-31-2017, 02:08 PM   #16
rtmistler
Moderator
 
Registered: Mar 2011
Location: MA, USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,299
Blog Entries: 13

Rep: Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695Reputation: 3695

Quote:
Originally Posted by TB0ne View Post
Good luck. The OP was pointed there before, but still doesn't seem to get that unless these 'admins' (who apparently can't be trusted not to reboot a live server without good cause, or run fsck on a mounted volume) are restricted to an incredibly small set of commands (and are locked out of the server room), that there is no real solution for their "management official reasons" request.

They don't seem to realize that:
  • If they can get into the server room, they can log in as root on a console and do whatever they want
  • If they can get into the server room, they can UNPLUG the server physically and reboot it (negating the first "official reason" of "not allowed to reboot")
  • If they can reboot the server they can also boot it to single-user mode and fsck anything (negating the second "official reason" of "not allowed to fsck")
  • That if they have ANY sort of sudo rights past a few commands, they can get in as root and do anything (negating BOTH points)
  • That if they have ANY sort of sudo rights past a few commands, they can reset system time to avoid the "official restrictions" on hours those things can be done (negating points 1 and 2 as before)
..which brings things full-circle to what cynwolf said, and I agree with: it's all about trust. If these 'admins' are too stupid to know not to do these things, or just don't care, then they do not need to be admins and/or have admin rights, it's that simple. But the OP says that we someone 'don't understand' these issues.
Absolutely correct. In a secure domain the first level of protection is physical access. Once that is granted, many bets are off; however the point here is "granted" versus "compromised".

Part of granting is also giving trust to those persons. If they are not worthy of trust, then they should not be granted access and privileges.
 
Old 01-31-2017, 02:10 PM   #17
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,455

Rep: Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301
I want to know which company the OP works for as if it's one I'm paying for hosting I want a refund and a move to another.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
"fsck failed. Please repair manually and reboot" on OpenSUSE 11.4 –gone after reboot? muohta SUSE / openSUSE 1 07-17-2014 02:52 PM
How to fsck a SAN on reboot rjo98 Linux - Server 4 04-12-2013 05:16 AM
[SOLVED] how to bypass fsck at reboot rjo98 Linux - Newbie 2 07-23-2010 06:17 AM
Cant reboot. Inode, fsck? fedoraguy Linux - Newbie 1 08-13-2004 04:20 PM
Redhat 9: restricting reboot/shutdown from login screen jsf03723 Linux - Distributions 7 06-20-2003 11:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration