OT: Root access policy
m.seaman at infracaninophile.co.uk
Thu Dec 29 10:05:59 UTC 2011
On 29/12/2011 09:01, Irk Ed wrote:
> For the first time, a customer is asking me for root access to said
> customer's servers.
> Obviously, I must comply. At the same time, I cannot continue to be
> accountable for those servers.
> Is this that simple and clear cut?
> Assuming that I'll be asked to continue administering said servers, I guess
> I should at least enable accounting...
> I'd appreciate comments/experience/advice from the wise...

Where I used to work, customers were given root level access to their
servers by default. We did insist on a secure access method using SSH
keys and we also insisted that root level access was allowed only to
specific named people each using their own SSH key (so you always had to
log in as an unprivileged user before getting root access). This allowed
a good level of audit trail and the ability to identify exactly who had

On the whole, this worked well. Most customers are after all motivated
to keep their servers running well and securely and would very rarely
use their root level access, since we would provide all the routine
management functions as part of the service. Occasionally there would
be customers that were pretty much as capable as we were, and for those we
were happy to let them do their own thing so long as they conformed to
our security standards. Occasionally there were the odd customers who
thought they were much more capable than they were. Generally there
would be a cock-up, which we would then sort out at the customer's
expense, after which things tended much more towards the customer
leaving it all to us. (Usually this would happen during the system
setup or testing phase so no embarrassing service outages.)

On the other hand, we tended not to give customers any access to
firewalls or network switches or other network infrastructure, nor
indeed to monitoring or backup or other adjunct services.

The important thing, especially if you have stringent service level
guarantees in your contracts, is to disclaim any liabilities due to
outages or other problems caused by customer action. Which implies that
it is vital to have good audit data that can identify the individual
responsible for any action. You're also justified in raising your
prices to cover yourself against potential losses (reputational or
otherwise) due to customer actions.

Your mileage may vary -- the clients at that job were mostly finance or
similar companies and tended to have quite formal change-management
regimes in any case. Other sectors may be a lot more gung-ho...
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
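
An added example, not part of the original message: a small Python audit of an sshd_config against the access rules described above (key-only logins, no direct root login, access limited to named accounts). The required values, the function names and the sample configuration are assumptions made for illustration.

```python
# Added example; REQUIRED encodes the policy from the message, SAMPLE is constructed.
REQUIRED = {  # keyword (lowercase) -> required value
    "permitrootlogin": "no",  # log in as a named user first, then escalate
    "passwordauthentication": "no",  # SSH keys only
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
SAMPLE = """\
# constructed sample
PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice bob
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

def parse(text):
    """Return (global settings, Match-block overrides)."""
    cfg, overrides, match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.replace("=", " ", 1).split(None, 1) + [""])[:2]
        key = ALIASES.get(key.lower(), key.lower())
        if key == "match":
            match = value  # following lines apply only to this block
        elif match is None:
            cfg.setdefault(key, value)  # sshd keeps the first value it sees
        else:
            overrides.append((lineno, match, key, value))
    return cfg, overrides

def audit(text):
    """List deviations from REQUIRED, globally and inside Match blocks."""
    cfg, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key)
        if got is None or got.lower() != want:
            findings.append(f"{key}: {got or 'not set'}, want {want}")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: logins not limited to named people")
    findings += [f"line {n}: Match {m} sets {k} {v}" for n, m, k, v in overrides
                 if k in REQUIRED and v.lower() != REQUIRED[k]]
    return findings
```

On the sample, the duplicate global `PermitRootLogin yes` is ignored because the first value wins, while the same setting inside the Match block is reported as an override.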