[Security_sig] DCL protection assumptions

slav at vogon.net
Thu Oct 7 13:35:12 PDT 2004

> 3) Authorized admins are implicitly trusted.
> <eer> I take this to read that authorized admins are implicitly trusted
> for all aspects of system and application administration.
> If not, then there is a need to be able to separate administrative
> duties, and to limit the implicit trust in authorized admins to those
> areas of administration they're explicitly authorized.
> I'd prefer the latter to be the requirement, as I think it raises the bar
> on what people expect to be reasonable and necessary for data center
> operations management.
> Consider - is the authorized administrator whose job it is to backup the
> machine also authorized to install new versions of an OS, to bounce
> databases or web application servers, or rearrange and reformat disk
> storage?
> In other words - is there only need for "root", or 0-uid accounts (with
> individual names and passwords, if you wish)?
> Oh, and I'm sorry I missed the call this am - I was scheduled into a
> presentation I couldn't get out of...
> </eer>

I second that.  We've determined that we needed layered access for our
data center admins; SeOS is currently helping to parcel out root-like
privileges.  The intent is to give each admin just enough privileges to
do their job.

- Slav
