[SLL] sharing superuser account is always bad policy, right?
Glenn Stone
technoshaman at liawol.org
Thu Feb 5 09:44:39 PST 2009
On Thu, Feb 05, 2009 at 09:24:16AM -0800, Phil Mocek wrote:
>I'm concerned about the security policies of a Web hosting company
>who also provides dedicated Linux servers.
[...]
>Setting aside the fact that they stored the password for root in
>cleartext -- on a Web server -- then asked me to communicate it in
>a ticketing system that echoes to e-mail, their staff and me
>sharing the root account seems like a bad idea.
Ummm, yeah. The BOFH in me sees about six red flags there.
Root's PW should never ever be stored cleartext, not if you've got anything
resembling modern facilities. At a *minimum*, you can do the proverbial
electronic sealed envelope, i.e. a gpg-encrypted file containing
passwords...
Several better-practices ways to provide access:
* Regular account + sudo; sudoers can get pretty darn granular. You can also
log the snot out of it externally via some variant of syslog...
* PGP-keyed access to root from known trusted hosts.
* Custom userid with privs setup to do *exactly* what management needs.
Any or all of these could potentially be enabled/disabled in real time based
on management requests.
But, no. Cleartext. On a webserver. In a ticketing system. In email. No
SLL anywhere. Wanting that access to peek at temps (you don't need root to
do that). (They could've asked for the relevant logfiles, too...)
No, I don't think that's even a competent MSCE over there, much less anyone
who really knows jack about Linux security. Give'em the Trump.
-- Glenn
More information about the linux-list
mailing list