From owner-freebsd-questions@FreeBSD.ORG  Thu Dec 29 17:04:53 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1B6821065677
	for <freebsd-questions@freebsd.org>;
	Thu, 29 Dec 2011 17:04:53 +0000 (UTC)
	(envelope-from mikel.king@olivent.com)
Received: from mail.olivent.com (mail.olivent.com [75.99.82.91])
	by mx1.freebsd.org (Postfix) with ESMTP id 7DF748FC21
	for <freebsd-questions@freebsd.org>;
	Thu, 29 Dec 2011 17:04:52 +0000 (UTC)
Received: from localhost ([127.0.0.1])
	by mail.olivent.com (Kerio Connect 7.0.0 patch 1)
	(using TLSv1/SSLv3 with cipher AES128-SHA (128 bits));
	Thu, 29 Dec 2011 11:34:46 -0500
Mime-Version: 1.0 (Apple Message framework v1084)
From: mikel king <mikel.king@olivent.com>
In-Reply-To: <CA+Ne_iJfFK43CE+L2LHcqNSmv7AmRDYyAu4pXGFpd3QB+y3p2w@mail.gmail.com>
Date: Thu, 29 Dec 2011 11:34:39 -0500
Message-Id: <1AD045F1-BBE7-492C-9F19-FB54F2741D5B@olivent.com>
References: <CA+Ne_iJfFK43CE+L2LHcqNSmv7AmRDYyAu4pXGFpd3QB+y3p2w@mail.gmail.com>
To: Irk Ed <irked7189@gmail.com>
X-Mailer: Apple Mail (2.1084)
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-questions@freebsd.org
Subject: Re: OT: Root access policy
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2011 17:04:53 -0000


On Dec 29, 2011, at 4:01 AM, Irk Ed wrote:

> For the first time, a customer is asking me for root access to said
> customer's servers.
>=20
> Obviously, I must comply. At the same time, I cannot continue be
> accountable for those servers.
>=20
> Is this that simple and clear cut?
>=20
> Assuming that I'll be asked to continue administering said servers, I =
guess
> I should at least enable accounting...
>=20
> I'd appreciate comments/experience/advice from the wise...

Call me paranoid but is your contract near term end?

In my experience this is usually a precursor to a end of year cost =
cutting service provider change. Specifically someone in sales's second =
cousin's nephew who saw a linux server once and thinks he's an expert.

I recommend that you complete a backup of everything prior to granting =
them sudo access. Possibly even run am md5sum against all important =
config files and save that in your back up as well.

Then give them well written explanation of why sudo is superior or at =
least safer to direct root access.

Regards,
Mikel King
BSD News Network
http://bsdnews.net
skype: mikel.king
http://twitter.com/mikelking