l4-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sysadmins


From: Brian Brunswick
Subject: Re: Sysadmins
Date: Thu, 3 Nov 2005 15:17:14 +0000

On 03/11/05, Justin Emmanuel <address@hidden> wrote:
> Also in the desktop Enterprise the systems admin needs to be very
> intrusive. To do things like create default interfaces, and make users
> adhere to company policy;
>
> How about super users with different rights and authorities?
>
> Why not split the concentration of power?
>

This is the correct answer to the sysadmin problem. The reality is
there are many different types, and we should have "possible to split
sysadmin power" as a goal.

Examples:
I want someone able to install a new database version without being
allowed access to
the live customer data.

I want someone able to add users within a particular domain, but not
able to access anyone's files.

I want someone able to manage backups and file retrieval at the
physical media level.

I want to give an auditor read-only access to all the accounts.

I want someone to be able to manage resource usage and prioritise
users/programs.

I want someone able to set up all the above. Perhaps it would actually
be a committee, and need multiple signatures to proceed!

Hardware access ultimately means all bets are off, but at least it
should be somewhat hard. That means encrypted data I guess...

--
address@hidden




reply via email to

[Prev in Thread] Current Thread [Next in Thread]