> Exactly. That's why you want, at the very least, for the admin's boss to
> know it.
>
one of the ways I've handled this problem in the past in small situations
(a few boxes, a few people) is to have a non-networked box somewhere in
the corner, or a notebook in a safe place (it occurs to me that the
company lock box is as good a place as any). Obviously, the exact tactics
depend on how secure the passwords need to be and who has physical access
to the area (i.e. if only system administrator(s) and the Company
president have access to your machine room, a notebook in the machine room
may be secure enough).
> The problem is finding people who can know the password without writing in
> on a sticky note and putting it on their monitor, or without using it to
> "play around a little".
>
that's human nature, not something I'm particularly good at :)
> I've seen networks where both happened, and I've also seen networks where
> the CFO insisted on having the Windows NT administrator password, *AND* on
> having himself in the "Domain Admins" group.
true wisdom is knowing what you don't know. :)
> It can be disastrous on a Linux system if this happens. It's ridiculously
> easy to, say, accidently change the ownership of every file on /home...
funny..I've done this *exact* same thing once..yes, this sort of thing is
ridiculously easy.
on the otherhand, it's not a huge problem with linux, because linux is
ridiculously easy to get into if you have physical access.
Vinnie
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
