On Tue, Apr 15, 2008 at 3:56 PM, RPN01 <[EMAIL PROTECTED]> wrote: > RedHat and SuSE expect administrators to use the root account because "It's > always been done that way." But, when you have more than one administrator, > and especially if you have more than a hand-full, like six to fifteen, then > doing so gives you no accountability for what has been done to your systems.
We found the "there is no root password" was much more acceptable to the developers. Too often a response like "you cannot have it" made them come back later complaining this was the reason their project was late, with a big badge joining them to twist our arms. Actually, our users did not have passwords either. We relied entirely on cryptic keys via SSH and LDAP. Most harmful things can be done with sudo as well (we even controlled it by LDAP rather than passwords). And you could always run a shell under sudo, but it would reveal who was inside. Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
