back to article Administrator access: Right or privilege?

Here’s a story, which may or may not be true. A long, long time ago, a UNIX sys admin was having a problem with some of his users, who thought it was really funny to download explicit photos from the then still-fledgling Internet and pop them up on other people’s screens. It wasn’t funny of course, but when the administrator …

COMMENTS

This topic is closed for new posts.

Page:

  1. Stu
    Stop

    Oh how easily...

    ...everybody forgets the other angles of approach to this sort of problem.

    Whats wrong, for instance, with the human angle, or at least the HR angle. Sod all these scripts, and processes, when you simply inform your staff that disciplinary action may be taken against them if regularly found to be carrying out stupid, non work related, or downright totally NSFW actions. At the very least they can be reported to their line manager.

    Thats the first thing that sprang to mind about the story at the top of the article, so why was a solely technical or operational procedural solution employed when you could simply approach them about it (talk about matching the 'IT crowd' stereotypes!). Are theses people who look after data not expected to be responsible, adult individuals, after all??

  2. Anonymous Coward
    Anonymous Coward

    With power goes responsibility...

    ...and in this case, the sysadmin's first and greatest responsibility was to know what he was doing. If you aren't competent to write scripts that will do exactly what you intend - no more and no less - then you certainly are not fit to be given root access.

    1. tfewster Silver badge
      Big Brother

      Re: With power goes responsibility...

      So you've never made a mistake? I say you're not a proper sysadmin until you've made a major balls up - and fixed it, of course. The experience teaches you to think about what could go wrong in any future work.

      The script would work fine when tested locally. rcp/scp'ing the script to the client machine and then executing it would also have worked. It's running the command via a remote shell that causes the problem. I agree it should have been tested that way, but it's not a no-brainer.

      @ Jon Collins - I don't think throwing more money into training would have helped here, as training can't cover every Admin situation; Nor do I agree that having a "Master controller" workstation for the sysadmin is poor practice, though it does need to be trustworthy if trust relationships are being set up.

      The idea of restricting a sysadmins scope only works if there are some super-sysadmins to oversee/support the less experienced team members. And vetting depends on someone being able to assess the candidates knowledge, experience and attitude accurately.

      However if you could develop an "Intro to ethics/security/testing/approach" training course, it could be relevant to all sysadmins no matter what the OS

      Quis custodiet ipsos custodes?

  3. LawLessLessLaw
    Boffin

    Root / Administrator is a design flaw

    All powerful users are a mistake.

    see Plan 9 for how to do it properly

  4. Anonymous Coward
    Thumb Down

    Admins Are Not The Problem

    ...Rather it is "normal" users doing stupid things like clicking on attachments or divulging passwords in a "social engineering" attack.

    The data center seems to be quite secure as compared to individual PCs, because most admins are well-aware of risks and the proper countermeasures. Also, they don't surf the internet with their mainframe or Unix server and they certainly won't install a random download from the internet for their machines. PC users *do* the last two things.

    An article about "Securing a Corporate PC" would have been much more interesting. Questions like

    * is a Virus scanner effective and required ?

    * should a PC processing sensitive data be conntected to the internet ?

    * should there be a "social PC" in every office ?

    * how can I contain the threat-vectors comming in through common office programs ?

    * what can the firewall do for security ?

    * what can't the firewall do for security ?

    * should companies use Managed Security Providers or do security themselves ?

    would be interesting.

    1. Anonymous Coward
      Anonymous Coward

      These are great ideas

      I recommend you hold that thought for a couple of months. Neat things may show up soon.

  5. Jamie Kitson

    erm

    Well duh!

  6. Select * From Handle
    Paris Hilton

    Select * From Users Where Clue > 0 ?

    Bit of a geeky responce i know but we have this kinda thing where i work.

    1. Tell HR about the perp, if he/she is a repeat offender show him/her the door.

    2. Gimp their login so they cant access the internet/set up a Squid server and block access to sites.

    3. Employ Admins that think befor they decided to run truncate scripts.

    Admins need to be super users to sort out the idiots :D

    Paris because she would be an awsome super admin!

  7. PhillCO2
    Black Helicopters

    Delegated Access?

    My company is in the process of migrating to a new single domain from multiple legacy domains, the approach that has been taken here is to delegate administrative access only over what each IT staff member needs to do.

    A normal support analyst may have local admin rights on all the PCs within his area and some control over active directory for the users in his area, he wont on the other hand have access to say, reconfigure the exchange or dns servers. These are set up centrally and then the configuration can only be changed by certain infrastructure administrators.

    I find this approach also leads to better change control, because an admin can't just decide to be lazy and say I can just change that without bothering run it through official channels, because they don't have the rights to do so without them being delegated out.

    It can be frustrating at times to have to get a form filled in to get access to a server to do a simple task but it is generally beneficial as a whole.

    (Black helicopters because the audit trail means they always know who bricked their system)

  8. Arkasha

    This reminds me

    of a funny incident when a colleague on site at a customer location called me and asked "Hypothetical question: if someone had accidently typed rm -rf * in the root directory, could they restore the filesystem without a backup?"

    After I wiped the tea off my keyboard and screen I promptly dispatched a backup tape by courier to his location, telling the boss the expense claim was for a replacement disk...

  9. Anonymous Coward
    WTF?

    In that little scenario from the article

    The admin was obviously an incompetent idiot and it was only a matter of time before some avoidable mishap caused a loss of data.

    I've been through this before when (going back a few years now) our boss came up with the great idea that we should only use an account with admin rights when performing admin tasks, all our "everyday" work should be done with a normal user account.

    "That's fine" we said, "but you don't seem to realise that our everyday work IS performing admin tasks, we're the administrators" - duh.

    Anyway, long story short, everyone created for themselves two accounts, one with admin one without, then we all used the admin one all the time, got on with our work and the whole thing was one of the stupidest moments of management self gratification I've ever experienced.

    My boss was a moron, she was told to do it by upper management and didn't have a clue what to do because she was a Manager and not an IT person.

    The only people that could have made it happen were us, the admins, no one thought to ask us and we wouldn't have been interested anyway.

    So I do agree, it's about trust, you either employ quality people and pay them well to be in a position of trust or you employ idiots, pay 'em peanuts and hope you can prevent them from screwing everything up.

    1. Egons Proton Pack
      WTF?

      @ AC : Thursday 8th April 2010 12:27

      Have we worked together?

      That is the exact scenario that we had forced on us.

  10. Anonymous Coward
    Coat

    Solution - delete the users

    When I ran a lab, there were no problems with missing, damaged equipment, etc.

    The first time it happens, the rules are explained.

    The second time, your fingers are shut in a drawer.

    The third time... well it never got that far, I don't know... (Hydrofluoric acid ?)

  11. Anonymous Coward
    Grenade

    Half-and-half methinks

    Myself as a SysAdmin and the Ops Staff have root access. Some other "power users" also have it because we can't be bothered installing sudo and partitioning down the permissions. It works for the most part because people know what not to change, (an exception would be last night when I got called out to support a script that was not modified by any sysadmin yet had worked its way onto the schedule).

    As long as you have understanding amongst the users with "root" access about what is / is not permitted and where the limits are, (and can find them quickly and easily) this seems to work. The problems usually come when a "BASIS Barbie" insists on owning everything on the box "cos thats what SAP says you have to do!". (Also known as the "S.A.P. Messiah Complex")

    If they don't know what they are doing, they don't get the password, or else I write a script and use "setuid" (great for situations where userid admin is done by non-tech business users).

  12. Bassey

    Dynamic Access

    We have admin machines with the "super user" accounts on them. If someone needs full network administrator access for a task, they fill out an Outlook form requesting that access, a quick description of what they will be doing and why and an estimate of how long they will need it. The form is automatically sent to two senior managers and the Information Security Manager - two of whom must approve it before the admin machine (virtual) is booted and they can log in.

    If the time overruns and they still need the machine, another request is sent explaining why, otherwise, the machine is shut down.

    It sounds overly complex and restrictive but it doesn't actually require THAT much effort and it certainly makes you think "can I do this another way"? Requests are actually few and far between

    1. Timo

      of course you don't get many requests

      With a complicated and heavy-handed system like that the users have probably figured out an easier way to do it by hacking into the system (to get their jobs done) than it is to jump through your hoops.

      Way back when we all used Unix in the office, we "Lusers" had to get creative in order to get stuff done. In fact the BOFH's were pretty jumpy because a lot of times we knew more about the system than they did.

    2. Ammaross Danan
      FAIL

      Wonderful

      I see this as a simply wonderful way to teach your IT staff to kludge their way through tasks.

    3. Goat Jam
      WTF?

      @Bassey

      Are you insane?

      I'm glad I don't work there, that's for sure.

      Here we all have standard user accounts as well as an admin account. I don't use Windows but the Windows guys here all work that way too. It's not so hard and reasonably secure. Your way is just nuts and will end up being counter productive in the long term.

  13. Pete 2 Silver badge

    power should match skills

    Consider Ubuntu. It has a policy of disallowing root in order to stop a user from doing stoopid things. Obviously in pursuit of this goal it manifestly fails, as users are ingenious and will always find new ways of screwing up. To do anything "risky", you have to go through the sudo command, which really just puts a few more characters of typing between an idiot and oblivion and is also very easily worked around for those of us who neither make mistokes, nor like having petty inconveniences placed between us and our goals.

    Of course, if your sys admin is prone to making basic errors, such as accidentally inserting a " " (space) between the dot and the slash in "rm -rf ./" then it's wise to question if they shouldn't be sweeping the floors instead of piloting your enterprise servers. Just as you shouldn't expect or allow a pilot to accidentally sit at the back of the plane, instead of at the pointy end with the controls.

    All of this could be solved easily by paying sys-admins the going rate for the responsibilities they carry - rather than just considering them as a necessary evil, who's costs (and training) should be minimised. That way you'd at least generate some demand for the top jobs and be able to select for experience, rather than entrust your business to the cheapest applicant.

    There is one problem though. The original article was asking the wrong question. In the light of the story, a better title and question to ask would be: INTERNET ACCESS: RIGHT OR PRIVILEGE?

    1. Ian 31

      Pride Comes Before A Fall......

      I quote,

      'is also very easily worked around for those of us who neither make mistokes'

      Damn fine work Pete, you can take your foot out of your mouth now.

      1. Basic
        Grenade

        Unfortunate

        Hard not to feel sorry for him there - Couldn't have been in a worse place :)

        1. Pete 2 Silver badge

          luck or design

          what you guys should ask yourself is this. Of all the 1500 characters in the post, which one single character mis-typed would be the most noticeable? Next, take into account the spill choker and then consider the possibility of this mistake, sorry: mistoke, happening by accident or by design.

          It's been a long day and I'm bored!

          (Though I realise that no matter what I say, some will still go for the cock-up rather than conspiracy theory)

      2. Anonymous Coward
        Anonymous Coward

        RE: Pride Comes Before A Fall

        When I read it, I thought it was pretty obvious that the poster was being tongue in cheek with good humor too, good post.

        Very fine work indeed Ian, perhaps you should re-assess the location and ownership of said foot.

        1. Andy ORourke
          Joke

          I spotted the jake too

          I mean, it must have (N.B MUST HAVE, not MUST OF!) been intentional, "o" is the opposite side of the keyboard, simply not possible to make that kind of mistoke!

          1. jake Silver badge

            @Andy ORourke

            Damn! And here I was , keeping quiet, too :-)

          2. John H Woods Silver badge
            Happy

            oooh you QWERTYist

            'o' is on the opposite side of the keyboard my foot ... it is right next to the 'a' ... if you use a sensible keyboard layout :-)

            1. KayKay
              Heart

              Dvorak alert ^^^^

              Type your comment here — plain text only, no HTML

  14. deshepherd

    not just administrators

    I once ran into a script which was designed to package up parts of our design into the delivery format ... as part of this it worked out where to place the package and if the dir already existed did an "cd <delivery-dir>; rm -rf *" first to start from a clean slate. Only problem (and I found it the hard way) was that the mechanism used to find where to put the delivery had the property that if things weren't setup correctly then it would end up saying that the delivery should go into you home dir ... which it then procede to clean out.. Side-effect was I learnt the benefits of a IT setup that maintains hourly snapshots of the file system!

  15. Daniel 1

    The Vexed question of Vetting

    I think one shocking shortfall in current HR practice, is in not following up on the Referees given in people's CVs - to the extent that its even common practice for candidates not to include referees on their CVs, these days. If you cannot find at least three people to vouch for your abilities and potential, then you probably shouldn't be looking for work in that branch of industry, just yet. Not only can a referee give some of the best feedback, available, as to how well someone really WILL perform against a given set of competencies, on a day-to-day basis, but the opinion is free!

    I'd be more than happy for any of the referees, that I've put on any of my CVs, over the years, to be contacted - but know of no occasion, since I left the publishing industry and moved back into IT, where this was the case. Conversely, I can think of numerous instances, where - had my own previous employers made a simple call to a referee - it would have saved me a great deal of grief, having to deal with people who have lied their way into jobs that were well beyond their capabilities (in one case, they would have discovered that - not only had SuSE Linux never employed the individual in question - but that SuSE Linux did not even maintain an office in the town where the individual claimed to have been employed, for instance).

  16. A. Lewis
    Paris Hilton

    A privilege

    Especially now when you look at a windows environment. Having administrator permissions means any virus or malware that manages to run under your session has administrator access too.

    Far better for all staff at an organisation to use standard, rights-limited user accounts. The IT staff can then have secondary logon accounts with administrative privileges for use when needed. Today with a working environment consisting of IT staff probably using multiple VMs and remote desktop sessions at any one time, having a specific administrative login is not a burden and makes a lot of sense.

  17. Sean Timarco Baggaley
    FAIL

    Only one poster realised...

    ...that this is an *interface design* issue.

    Why the hell are people still lionising an operating system that's rapidly approaching its *fortieth* birthday? IT has moved on a tad since UNIX was designed, but instead of building better mousetraps, the community has contented itself with twisting, warping and generally buggering UNIX about over the years.

    UNIX was popular with programmers because it's easy to hack together some code for it. Ease of use for *end users* was never a primary consideration—and, by god, does it ever show!

    The result is a bunch of godawful bastard Sons Of UNIX, each with its own annoying quirks, commands and archaic user interfaces created in an age when people communicated with computers using teletypes and paper tape.

    People complain that *Microsoft* are bad at innovation, but at least they're actively pumping serious cash into alternative OS designs like Midori.

    (Plan 9 suffers from the same problem as UNIX: it's designed with programmers and researchers—not mainstream users—in mind. Programmers already have plenty of UNIX clones, so it's unlikely to ever catch on as a mainstream OS.)

    People aren't universally nice and friendly. Any OS designed for a mainstream audience which fails to address this is doing it wrong. End of.

    1. Daniel 1

      Boring

      I see we have, here, another pilgrim from the cheap seats, who want to turn this into yet another conversation about operating systems.

    2. Peter Gathercole Silver badge
      Stop

      Another view.

      I'm sure I don't agree. Yes, UNIX is nearly 40. Yes, there are uglies in the way that you administer it, and also in the crude security model, but what are you holding up as a shining example of something better? I've seen administration tools that looked prettier, but they generally end up being so locked down as to be largely useless, or so complex to set up (I'm thinking CDE with it's cross-system authentication here) that you have to be a real propeller-head in order to get it working.

      UNIX has seen off so many alternatives, and still lives on, while everyone else learns the hard way over-and-over again that hidden complexity leads to difficult-to-manage systems. The more layers of 'gloss' you add to 'simplify' administration, the more problems you build in when it goes wrong. (I'm coining Gathercole's Law as being "Apparent simplicity causes hidden complexity" )

      If you need something better for users, then Gnome and KDE will provide you something just as pretty as other OS's (and a product from the 1980's called Looking Glass, which predates usable Windows systems also springs to mind), so the so called unfriendly* command line is not necessary for those who don't need it. Sometimes you ought to look and see what it is possible to do with the simplicity of the shell command line as practiced by real power users. It may not LOOK pretty, but it is elegant and functional.

      I have frequently stunned managers and younger colleges by piping together several small tools with simple stream processors (think awk or sed) to achieve in a matter of minutes things that they were prepared to commit days of work to do. This is especially true in clusters or networks of near homogeneous systems, which is where UNIX excels.

      It is a testament to the original design criteria of the shell and the base UNIX command set that most of the commands I use on a daily basis came out of Bell Labs. Version 7 UNIX, dated 1976. This has been augmented over the years, but you would still recognize that system as UNIX today. This may mark me out as a dinosaur, but hey! I'm still working, and I appear to have the respect of my peers who keep asking me to do things they cannot work out an easy way to do.

      In my view, what is wrong with the example quoted WAS a UNIX design flaw, that of allowing spaces in filenames (space should have been made a banned character), but the very flexibility of the shell and filesystem interface allowing almost any character in filenames has allowed multi-byte character set languages to be integrated into UNIX with comparatively little effort.

      (*) Often, the reason why it was seen as unfriendly is that most users were too lazy to learn the dozen or so commands that were the core set needed to do their job. They got frightened because two-and-three letter abbreviations were not close enough to english (e.g. cat - catinate is and English word, but one many people are not familiar with). This was a matter of perception and training. Possibly the only OS that got it right on the command line was VAX/VMS with DCL, which allowed you to use full command names, or any unique abbreviation. But this made the command processor one of the largest tasks in the system and was still not English!

      P.S. I'm really not looking forward to a time when role-based security (which is already present in the few genetic UNICES left and also Linux since the 2.6 Kernel) becomes the norm. I predict that we will see stories of administrators who don't fully understand the importance of local privileged accounts locking themselves out of their systems when the LDAP or ActiveX directory servers cannot be contacted to authenticate them to fix the problem.

    3. A J Stiles
      Stop

      Because UNIX was so nearly right, is why.

      The reason that people are still lionising a nearly-40-year-old operating system is *precisely because* it got it so near right the first time. In those 40 years, nobody has managed to make anything better. Which is more probable: you, having learned about something five minutes ago, have seen something that the finest minds in the field have been missing for decades; or you just don't understand it properly?

      One tool for one job means sources don't become incomprehensible and binaries don't get bloated.

      The "owner / group / world" permissions system is fine-enough grained for people actually to use it.

      And ignorance is a temporary state; an obstacle to be overcome. Not something to be celebrated. For crying out loud, *secretaries* at AT&T used to use `vi` for writing letters. When did we become averse to learning?

  18. lglethal Silver badge
    Joke

    this was actually a BOFH in training...

    I think its quite obvious why he didnt report the people to management - he was getting a free load of porn, with someone else doing the downloading who would get fired if discovered (or who could be nicely blackmailed...).

    You let the luser download the porn, you copy it to a new location (you seem to have missed that part in the article ;) ), then delete material so that the luser has to go and download new material, and so on...

    As for the deleting root and all, what a convenient excuse to reload a backup which just happens to be missing the logs of the file copying (and probably a nice series of financial transactions involving the company bonus scheme if this was a true BOFH)...

    Never attribute to Malice what can be explained by Incompetence.... unless your dealing with a BOFH...

  19. Jeremy Chappell
    Grenade

    Err, users?!

    In this example the problem seems to be the admin didn't have enough power - he/she should have been able to dismiss the morons downloading porn. Having to fight users with scripts seems like fighting a forest-fire with a water pistol. Make users more accountable, and help the poor admin (in this case).

    A lot of the other issues are not applicable in this case. Why admins don't work in teams of at least two I'll never understand (so one can say to the other; "Hang-on, we might be about to do something monumentally stupid, let's not end up as a story on El Reg".

  20. Anonymous Coward
    Anonymous Coward

    Keys to the key cabinet

    The one thing that always struck me about the windows admin model is that by default your account administrators (who are generally at the bottom end of the technical scale) have the ability to set any account to any access level, including their own.

    It completely eliminates the most basic of accidental slips and theoretically should only leave malicious action, but it's all too easy for a low level tech to give himself higher access in order to make one little task easy... but then forget and leave it on.......

    1. Anonymous Coward
      Happy

      I dont think........

      Limited accounts can actually escalate the account to Admin in Windows (don't know, never tried it, always run as Admin myself)

  21. amanfromMars 1 Silver badge

    There's Peanuts and Monkeys, and Experts and Experts and very Few of the Real Thing in IT.

    "And as for vetting – this is more of a human resources issue, in that IT management can’t really be expected to conduct background checks on its staff. It wouldn’t be appropriate even if they knew what they were looking for, and of course, our increased reliance on contractors and external suppliers makes things more complicated still."

    For anything and everything above important and sensitive* is vetting vital, and even more so whenever it is complicated by increased reliance on contractors and external suppliers, for whenever they are from the capitalist private sector are they only interested in profit/money for nothing. And in IT the stories are legion of waste and contracts not delivered and 100's of billions spent with nothing but troubled and failed systems to show for it. And no claw back of course for then who would bother themselves to tender for work in areas which are novel.

    The most critical and always present weakest link in all of that though is revealed in these few words ....."even if they knew what they were looking for" for it is usually always the case of the blind leading the blind until someone shows up to lead them with more than they thought ever possible, for it is always both an Intelligence and Philosophical issue at the higher levels of sensitive access and Administrative Privilege aka Prime Leadership.

    When things do down the tubes it is a sure sign that Admin doesn't have what it takes and doesn't have what IT needs .... for a double whammy of downward spiralling despair.

    Take a Bow, GB ...... for you are the Perfect Sub Prime XSSXample

    "There is one problem though. The original article was asking the wrong question. In the light of the story, a better title and question to ask would be: INTERNET ACCESS: RIGHT OR PRIVILEGE?" ..... Pete 2 Posted Thursday 8th April 2010 12:32 GMT

    Crikey, I do not wish to be unkind, but whenever something is become a ubiquitous always on necessity, that question must be about the stupidest one which one could ask. What's your game then, Pete 2?

    1. Pete 2 Silver badge

      Internet a necessity?

      >but whenever something is become a ubiquitous always on necessity

      Hardly a necessity. When I look around me, most people at their desks are using the internet for facebook, twitter, booking their holidays, personal email, watching iplayer, looking up reviews of electronic toys and reading their own choice of websites. A few techies also use it for downloading patches, scripts, unauthorised softs and howtos.

      Balance that against the proportion of bugs, viruses, trojans and other nasties that come down the pipe (hint: they ALL do) and the amount of work time lost from all the above activities - though there are some induhviduals who we prefer to sit quietly at their desks, goofing around, rather than trying to contribute in their own negative-progress ways. and the argument for internet access becomes very hard to defend. And no, I don't buy the counter-argument that it increases productivity to balance the time wasted.

      There might just, possibly be a case for a fully quarantined network a la a cyber cafe for people to use in their "down time", or possibly for bona-fide work, but most people cannot justify uncontrolled internet access for their work - just as they cannot justify other ubiquitous services such as a TV on their desks.

    2. Neil Paterson

      oh f++k off

      sorry, not the poster you're replying to, but really, go and stare at some goats or something?

    3. jake Silver badge

      "always on necessity"?

      Hardly. When the receptionist is using twitter and checking her personal email at google, and the janitorial staff are listening to the ballgame and checking player stats at MLB.com on company time, the company is wasting human-hours, which translates to money. Most people in the corporate world can't even make a business case for needing an email account that routes to the outside world to do their jobs, much less full-blown Internet access. Many don't need email at all.

  22. ProblemChild

    Be careful.

    The number of reckless admins I've seen crash and burn frequently increments. Many are the tales that are told of reckless fools who try and squeeze too many backups down too few kpbs, or repartition the SAN without checking who else may be doing the very same, or delete that failed backup only to find it wasn't the backup - it was the original, or type "shutdown -r now" in the wrong terminal window.

    It all comes down to attitude. If you have the attitude that you are immortal, a god-like figure of IT excellence, then reality will soon prove you to be a fool. If you accept the fact that you are merely human and prone to mistakes, then you carefully follow the set procedure and maybe, just maybe, live to return and do it all again tomorrow.

    Tools I find handy are things like;

    Outage windows. (But I told you it wouldn't work yet.....)

    Pre-planning. I hate doing my thinking during the outage - better to have it done before.

    Peer review (blamesharing with colleagues).

    Formalised change control (blamesharing with management).

    There's others. The ITIL RFC process is pretty handy. Some of those "soft" skill training courses aren't completely useless.

  23. My Alter Ego

    @Pete 2

    Have to agree about sudo in Ubuntu, users will always find a way around it. I always execute sudo bash when using it on my laptop when there's more than a couple of tasks that need doing. Not sure if any distros allow this out of the box behaviour.

    I learnt my lesson playing with Linux in the mid 90s; did a recursive chmod when I was in the root directory, not my home directory as I thought. Gave up trying to fix it and reinstalled. I'm now extremely careful when executing any recursive command, and religiously use pwd before doing anything even remotely catastrophic.

    1. Peter Gathercole Silver badge
      Alert

      sudo lockdown

      It's perfectly possible to lockdown sudo so that you cannot run any shell, and there are many books around that will also show how to prevent user-escapes from allowed commands (like shell escapes from vi, for example).

      This is another advantage of UNIX and UNIX-like OS's. There's lots of documentation and experience 'out there'. When your only avenue to reliable knowledge is a vendors training program, you become their technical and economic hostage. This is one reason some vendors like changing their product frequently, so they have the opportunity to sell their training over-and-over again.

    2. Goat Jam
      Headmaster

      Huh?

      Firstly, did you know that you can do sudo -i to get a root shell session?

      Secondly, only users in the %admin group have access to sudo (by default) so if you don't want lusers flailing away at the OS then don't put them in the admin group.

      Simples!

  24. Paul Crawford Silver badge

    Doh!

    Already said are the two points:

    (1) The users should have had a kicking for the problems they brought, and

    (2) the administrator should have been kicked for not understanding and carefully testing such a potentially serious script before deploying it.

    The issue of trust is, of course, important and any competent organisation of any significant size will have more than one good (technically & responsibly) person with the necessary knowledge to administer things, and most likely separated departments each with their own 'kingdom' of access rights.

  25. Dodgy Geezer Silver badge
    Black Helicopters

    What I find interesting is...

    The fact that the early IT Security standards were written by CCTA, and tended to stress technical countermeasures...

    then Security Service took over their jobs, and now the standards all include terrorist vetting and having yourself approved by a member of the leather apron brigade....

  26. Anonymous Coward
    Black Helicopters

    Horror story from idiot application administrator

    who had root access, and wrote a clever little utility in the application stop / start script that appended a farewell message to the user's .profile files each time the database stopped and started, and gzipped and renamed the source text file being appended to make it really hard to find.

    It was merely annoying until we found he had not made it user-specific (his temporary workfile was the same for all 5 database userids on the Server) so when Spain and Italy went down at the same time for backups and then came up with each others OS configs, all hell broke lose. We had to fly him back from Germany to get him to remove it. Needless to say, he does not set foot in our site anymore.

  27. Nigel 11
    FAIL

    It couldn't have happened with VMS

    Some may think this a small point, but other industries have realized the importance of intrinsically safe design, and over the decades and centuries they have pushed unsafe designs onto the scrap-heap. The computer industry has a long way to go -- in many areas we don't even know what intrinsically safe really means.

    But in the namespace of a filesystem, allowing special shell characters and control codes as part of filenames is intrinsically very unsafe. A filename ought to be a string with a defined maximum length, and each byte restricted to a set of non-special characters (typically 0-9, A-Z,a-z, underscore and hyphen).

    Unix has cursed the world with a few serious mistakes, and unrestricted strings of bytes as filenames is one of them.

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021