We had a problem that needed debugging by a vendor. The project manager requested root access for the vendor, which I denied. We use `sudo` for root access on all the servers.
The problem is that we don't generally restrict sudo access for our employees - policy says that you don't act directly as root, for audit purposes. But letting in an outside person means that with a `sudo su -` I lose all audit trail. But the vendor needs to be able to become the service account 'svcacct1' on the server to debug the problem.
So I set up the sudo access as:
```
vndacct server = (root,svcacct1) ALL, !/usr/bin/su, /usr/bin/su - svcacct1, !/bin/passwd, !/usr/local/sbin/visudo, !/usr/bin/vi /etc/sudoers
```
I know there are loopholes in this you can drive a truck through. I'm counting on the restrictions and the logging to stop any unauthorized access, kind of like putting a small padlock on a door means that at least if someone breaks it off you can get them for Breaking and Entering, not just Trespassing.
The question is, is there a really secure way to do this?
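An added example of the allow-list alternative to the rule above (this is not the poster's configuration): instead of granting `(root,svcacct1) ALL` and then trying to subtract dangerous commands with `!` entries, grant only the runas user that is actually needed and turn on sudo's session recording so the vendor's work as `svcacct1` is still auditable. It assumes the host is `server`, the vendor login is `vndacct`, and a sudo version with I/O logging support (1.7.4 or later).

```sudoers
# Added example, not the question's rule. Names assumed from the question:
# vendor login "vndacct", host "server", service account "svcacct1".

# Record the vendor's keystrokes and terminal output for every sudo session,
# so becoming svcacct1 does not end the audit trail. Sessions are stored under
# iolog_dir and can be listed/replayed later with:
#     sudoreplay -l user vndacct
#     sudoreplay <session-id>
Defaults:vndacct log_input, log_output, iolog_dir=/var/log/sudo-io

# Allow-list, not deny-list: root is simply not a permitted runas user, so
# there is nothing like "!/usr/bin/su" to work around. The vendor can do
# anything svcacct1 can do (e.g. "sudo -u svcacct1 -i" for a login shell), and
# nothing more. "sudo -u root <cmd>" or "sudo su -" is refused outright.
vndacct server = (svcacct1) ALL
```

Because the vendor then holds every privilege that `svcacct1` has, check that `svcacct1` itself has no sudoers entry and no write access to anything that runs as root (cron jobs, init scripts, setuid binaries), otherwise the restriction is only as strong as that account. Validate the file with `visudo -c` before relying on it.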