Trouble at the 9th layer.
Rich Braun
richb-RBmg6HWzfGThzJAekONQAQ at public.gmane.org
Mon Nov 30 12:16:00 EST 2009
Matt Shields wrote:
> For years we've used sudo to give our developers and qa access to
> production servers run cat, less, more and tail to view logs, but
> nothing else.
What I've done at my workplace - and which has gotten rid of most of the
demands by devs for root - is build 'logviewer', a completely separate server
in the production server farm. Devs get non-root access to that box, no
access on the production boxes, by default. Whenever someone needs access to
a log of some sort that I haven't yet thought of, I simply add a read-only
export rule on the source machine with a matching automount rule and slurp it
into logviewer.
This way there is no possible loophole by which a dev can get write access.
We do have to trust that our devs won't abuse read access (once in a while
there is a wayward employee who breaches confidentiality by accidentally or
deliberately sending data outside the company; so far it hasn't happened on
the IT side of the company).
-rich
More information about the Discuss
mailing list