On Sunday 15 November 2009 10:52:51 Neil Bothwick wrote: > On Sun, 15 Nov 2009 05:15:43 +0000, Stroller wrote: > > > So when he fucks things up good royal and proper, will he gladly > > > accept his > > > shafting and pay you more to undo it? Or will he do the usual > > > customer stunt > > > and blame you? > > > > My typical experience is that the customer will take it completely on > > the chin and pay me to fix the problems. That doesn't make foul-ups > > due to such unnecessary meddling any less frustrating, though. > > Why not use sudo to give the customer's account almost full root access? > Not only does this allow you to restrict which damaging commands he can > run but sudo logs each command it runs, so you have CYA insurance.
Double CYA insurance: Send all logs to a remote syslog server. The user with sudo permissions can still disable logging, but you have untouchable evidence that he did :-) -- alan dot mckinnon at gmail dot com