On 4/3/07, shogunx <[EMAIL PROTECTED]> wrote:
That sounds like a recipe for disaster unless you have the tightest of physical security.
As Mark points out, physical security is not really the issue here. In most mainframe installations you will find that physical access to the hardware is very restricted and controlled. The "virtual raised floor" that z/VM provides uses logical access control to manage that virtual hardware. Those controls are much more granular and easier to keep up-to-date. I don't believe security becomes more tight by additional doors that use the same key to unlock. Or like in many installations, a single master key for all locks that is shared amongst staff members for daily operation. One of the basic rules is to separate authentication (who are you) and access control (what can you access). Sharing a (common) root password breaks that rule even when you change it on a regular basis in a way that is not predictable. We found it more productive to allow staff members to authenticate themselves for root access to the server, and audit that access. You get much of that with RACF and a spooled console to a central archive. Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390