[clug] Distributed Administration

David Tulloh david at tulloh.id.au
Fri Sep 25 23:53:14 MDT 2009


steve jenkin wrote:
> <butchered>
> Chief security function was keeping the 'enable' passwords secret from
> the Admins - the software handled logins...
>
> Anyone know if something similar exists for Linux systems?
> - SSH to central m/c. [strong proof of identity]
> - no direct access to remote m/c's. [tool does SSH]
>   
Using ssh keys will probably get you a similar result.  You can also use 
ldap logins with sudo to avoid anyone having to know 'the password'.
> - fine-grained access control to hosts/commands/operations
>   
sudo can do this for you but you run into issues where the command has 
full privileges and can run other commands.  Some of the fancier SELinux 
style permissions may be able to restrict this better.
> - logging of changes, with implied versioning and 'undo'

sudo can also log the actions but this suffers from the same issues as 
the previous point (how useful is a log of `sudo bash`).  I think 
versioning and undo is normally handled by pushing /etc into fully 
fledged version management system.  You can also use this to make 
changes and push them out to a collection of boxes.

In the implementations I've seen, an admin can still change /etc without 
checking it in, but you can easily catch this through a cron script or 
the like.  It would be possible to have /etc track the version system 
and update itself via an automatic or manual trigger, combined with no 
direct access.  This would enforce logging for any change.


I'm not sure you are going to find a system like this out of the box; 
everyone's needs are slightly different.  It seems like the various 
pieces you need to put it all together are available though.


David
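As an added example that is not part of the original thread: a POSIX shell script standing in for the cron check David describes, which catches /etc changes made outside the version-controlled push. It baselines a configuration tree as a SHA-256 manifest and later reports every file that was modified, added or deleted relative to that baseline. The directory layout and file contents in `demo` are constructed for illustration; a site that keeps /etc in git would get the same answer from `git status --porcelain`, and this script only assumes `find`, `awk`, `sort` and `sha256sum` (or `shasum`).

```shell
#!/bin/sh
# etc_drift_check.sh - added example, not code from the original post.
# Baseline a config tree as "sha256  ./path" lines, then report drift
# against the live tree. Intended to run from cron against /etc and alert
# on anything that was edited in place instead of being pushed from the
# version management system.

set -eu

# Hash one file; coreutils sha256sum and perl shasum print the same format.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# Emit a sorted manifest of every regular file under directory $1.
make_manifest() {
    (cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        hash_file "$f"
    done)
}

# Compare saved manifest $1 with live tree $2. Prints one line per drifted
# file: "M path" (content changed), "A path" (not in baseline),
# "D path" (in baseline, now missing). Prints nothing when the tree is clean.
drift_report() {
    baseline=$1
    live=$(mktemp)
    make_manifest "$2" > "$live"
    # awk reads the baseline first (NR==FNR), then the live manifest.
    awk '
        NR == FNR { base[$2] = $1; next }
        {
            seen[$2] = 1
            if (!($2 in base))        print "A " $2
            else if (base[$2] != $1)  print "M " $2
        }
        END { for (p in base) if (!(p in seen)) print "D " p }
    ' "$baseline" "$live" | LC_ALL=C sort
    rm -f "$live"
}

# Constructed scenario: a small fake /etc, a baseline, then three kinds of
# out-of-band change (an edit, a new file, a deletion).
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/etc/ssh"
    printf 'PermitRootLogin no\n' > "$work/etc/ssh/sshd_config"
    printf 'root ALL=(ALL) ALL\n'  > "$work/etc/sudoers"
    make_manifest "$work/etc" > "$work/baseline.sha256"

    printf 'PermitRootLogin yes\n' > "$work/etc/ssh/sshd_config"   # edited
    printf '127.0.0.1 localhost\n' > "$work/etc/hosts"             # added
    rm "$work/etc/sudoers"                                          # deleted

    drift_report "$work/baseline.sha256" "$work/etc"
    rm -rf "$work"
}

# Run the scenario only when executed under this file name, so the
# functions can also be sourced by other scripts or a test.
if [ "${0##*/}" = etc_drift_check.sh ]; then
    demo
fi
```

In production the baseline would be written by the same job that pushes the checked-in tree, and a non-empty report from `drift_report` is the alert condition; the report lists paths only, so the hashes in the manifest never leave the machine.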

