help-cfengine

Re: change control via CVS tags


From: Jeremy Mates
Subject: Re: change control via CVS tags
Date: Thu, 13 Oct 2005 12:06:26 -0700
User-agent: Mutt/1.4.2i

* Martin, Jason H <jason.h.martin@cingular.com>
> The problem is that root on the CFE master server could bypass all of
> that. I'm confident that there are very straightforward ways to stop
> non-CFE-master-root users from wreaking havoc, but then there is the
> 'root' problem.

Do not grant the usual carte blanche root access (nor sudo shell/edit
access), and keep the root password for the critical build/install
servers in the control of a 3rd party group without admin access.
Probably requires other procedures and planning to work right...

> I'm thinking that a two-server system under different administrative
> domains such that the servers have to agree on the rules and
> repository before changes are applied sounds about right.

Hopefully the systems will be quick to debug/setup, especially if the
other group is slow/on vacation when something bad happens to the
other server!



