Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!sei.cmu.edu!fs7.ece.cmu.edu!o.gp.cs.cmu.edu!andrew.cmu.edu!jb3o+
From: jb3o+@andrew.cmu.edu (Jon Allen Boone)
Newsgroups: comp.admin.policy
Subject: Re: Policies concerning root privs
Message-ID: <McHtC=q00j69Q5j4pn@andrew.cmu.edu>
Date: 7 Jun 91 14:09:15 GMT
References: <JGARB.91Jun4002317@csd4330a.erim.org>,
	<8560@jhunix.HCF.JHU.EDU>
Organization: Carnegie Mellon, Pittsburgh, PA
Lines: 37
In-Reply-To: <8560@jhunix.HCF.JHU.EDU>

doug@jhunix.HCF.JHU.EDU (Douglas W O'neal) writes:
> In article <jgarb@csd4330a.erim.org (Joe Garbarino) writes:
> ->I'm sure this has been discussed to death in other groups, but I
> ->haven't seen it and this seemed to be an appropriate place.
> ->
> ->I am responsible for some 40 workstations.  These workstations are all
> ->connected to the Internet, and are dispersed among 18 different
> ->groups, each of which would like to have root privileges on their
> ->machines.
> ->
> ->Is this a good/bad idea?  What policies have various sites developed
> ->to deal with this question?  If it's a bad idea, what are various
> ->methods for dealing with groups that demand they have root privilege?
> ->Any advice for sites on how to approach revoking privileges?
> 

  You should find a person in each department and get to know her/him.
S/he should be shown around the system, dicussing the various
administrative policies along the way, as well as how to fix various
problems.  Then you should demonstrate how to boot the machine to
single-user mode (something they may or may not already know, but will
eventually find out!), if they forget the passwd.  Then tell them that
in the case of a problem, they should report it to you - if you are
not available or are too busy to help them, you will authorize them to
fix the problem.  Most people are probably too busy in a day to day
situation, to have to worry about constantly fixing every little thing
that is broken - so make sure you pick (if you get to pick) someone
who isn't TOO busy, but doesn't just sit around all day and do
nothing. 

----------------------------------|++++++++++++++++++++++++++++++++++++++++
| "He divines remedies against injuries;   | "Words are drugs."           |
|  he knows how to turn serious accidents  |     -Antero Alli             |
|  to his own advantage; whatever does not |                              |
|  kill him makes him stronger."           | "Culture is for bacteria."   |
|                   - Friedrich Nietzsche  |     - Christopher Hyatt      |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-