From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yuri Csapo Subject: Re: root access for end users Date: Mon, 08 Jun 2009 13:19:41 -0600 Message-ID: <4A2D644D.2020304@mines.edu> References: <4A2902BF.8030903@mines.edu> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4A2902BF.8030903@mines.edu> Sender: linux-admin-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: linux-admin Thank you everyone for your thoughtful input and suggestions. I thought I'd summarize the replies here so everyone could benefit: Suggested technical solutions: I will be considering them all in the near future: - ACLs - Limited root kernels: rsbac and lids - Samba as opposed to NFS - Don't forget to secure the network infrastructure - Treat the network as untrusted and mandate VPN Other kinds of suggestions: some people (correctly I think) have identified this as not a technical, but a political problem. - Hire a lawyer and try to fight it out - Stand up for your rights - Try to communicate with users in their own terms Other comments: I appreciate them all and agree with most :) - This will be a nightmare - Don't do it - Quit - It's your job. Get over it. -- Yuri Csapo Academic Computing & Networking Colorado School of Mines CT-256 Phone: (303) 273-3503 Fax: (303) 273-3475 Email: ycsapo@mines.edu Please use the following link to open a service request: http://helpdesk.mines.edu =========================================== With a PC, I always felt limited by the software available. On Unix, I am limited only by my knowledge. --Peter J. Schoenster