gnumed-devel

[Gnumed-devel] account management


From: James Busser
Subject: [Gnumed-devel] account management
Date: Fri, 05 Sep 2008 15:51:33 -0700

(was Re: [Gnumed-devel] bootstrapping database problem)

On 5-Sep-08, at 2:54 PM, Karsten Hilbert wrote:

I mainly just wanted to know if it was avoidable to have to give gmadm sudo access, since giving them sudo access would allow them full access to postgres (they could fully "be" postgres, changing its password etc) and I thought the point of having gmadm was to constrain the rights of gmadm in order to avoid their ability to monkey around with other postgres databases and instances which might be on the server, etc.

The intent is correct but it's a bit difficult to do.

It seems to me that all IT companies which would be providing support may have to be able to restart the postgres server, therefore need to be able to sudo to root.

Therefore if these people would have access to root anyway, and the value of gmadm is only to provide a home directory in which to keep files, then instead of gmadm it sounds like the server may as well have a

        useradd -c "system acct for server" -m -r serveradm

inside which to have

        /gm (packages, reference notes)
        /mirth (packages, reference notes)
        /serverdocs (various notes about the server)

Is there any use case on a production server to grant a system account to any office staff to do something useful without them needing sudo access?

I was thinking maybe they could have a non-sudo "backup" account into whose home folder dumps could be regularly written, and these dumps (maybe after auto-encrypting and gnotary) could be copied by the assistant for offsite storage?
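
An added example, not part of the original message or of the GNUmed project: a sudoers drop-in that grants gmadm only the PostgreSQL service commands, shown beside the unrestricted rule the thread is worried about. The drop-in file name and the init-script path `/etc/init.d/postgresql` are assumptions; substitute the service script your distribution installs.

```sudoers
# /etc/sudoers.d/gmadm   (assumed file name; edit with: visudo -f /etc/sudoers.d/gmadm)

# Unrestricted form: gmadm can run anything as anyone, so it can
# "be" postgres or root and touch every database on the server.
# gmadm  ALL = (ALL) ALL

# Restricted form: only the listed commands, only as root.
# Because arguments are spelled out, sudo accepts exactly these
# invocations and rejects any other argument to the same script.
# Path is an assumption (Debian-style init script).
Cmnd_Alias PG_SERVICE = /etc/init.d/postgresql restart, \
                        /etc/init.d/postgresql status

gmadm  ALL = (root) PG_SERVICE
```

The restriction only holds if the listed script and its parent directories are owned by root and not writable by gmadm. `sudo -l -U gmadm`, run as root, lists what the account is actually allowed to do.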



