Disempowering the Singular Sysadmin? 433
An anonymous reader writes "Practically every computer system appears to be at the mercy of at least one individual who holds root (or whatever other superuser identity can destroy or subvert that system). However, making a system require multiple individuals for any root operation (think of the classic two-key process to launch a nuke) has shortcomings: simple operations sometimes require root, and would be enormously cumbersome if they needed a consensus of administrators to execute. There is the idea of a Distributed Administration Network, which is like a cluster of independently administered servers, but this is a limited case for deployment of certain applications. And besides, DAN appears still to be vaporware. Are there more sweeping yet practical solutions out there for avoiding the weakness of a singular empowered superuser?"
Eventually, you have to trust someone. (Score:5, Funny)
Oh, the jobs people work at! Out west, near Hawtch-Hawtch, there's a Hawtch-Hawtcher Bee-Watcher. His job is to watch... is to keep both his eyes on the lazy town bee. A bee that is watched will work harder, you see.
Well...he watched and he watched. But, in spite of his watch, that bee didn't work any harder. Not mawtch.
So then somebody said, 'Our old bee-watching man just isn't bee-watching as hard as he can. He ought to be watched by another Hawtch-Hawtcher! The thing that we need is a Bee-Watcher -Watcher!'
Well... The Bee-Watcher-Watcher watched the Bee-Watcher. He didn't watch well. So another Hawtch-Hawtcher had to come in as a Watch Watcher-Watcher!
And today all the Hawtchers who live in Hawtch-Hawtch are watching on Watch-Watcher-Watchering-Watch, Watch-Watching the Watcher who's watching that bee.
You're not a Hawtch-Watcher. You're lucky, you see.
Re:You need at least TWO good sysadmins... (Score:2, Funny)
bussassinated
I have a new word of the day! Thank you. :D
Re:Too many cooks... (Score:4, Funny)
fine, no soup. just type sudo make me a sandwich
Re:sternobread (Score:4, Funny)
Well, there's /root/.bash_history
But if your sudo activity log has you doing "su -", then whatever gets borked up after that is automagically your fault as a matter of policy ^_^
Yeah, nobody's ever altered that file. Also, make sure you are watching for changes to your syslogd config, lest someone disable forwarding, do something snarky, turn it back on. But then, security is rarely something that can be solved definitively by means of one slashdot comment.
Superuser (Score:5, Funny)
No. Now just hang on a second while I delete your user account and all your data, you presumptuous bitch.