how to lock down remote users?
hello All,
we are going to install Postgres based OpenERP, and the professionals who will do the support asked to be granted root access to our server.
They plan to support us from remote using an OpenVPN tunnel.
I am not paranoid, however I do not like to hand over the keys...
What could I propose them?
Re: how to lock down remote users?
One way might be through sudo. sudo can be use to grant very fine grained access. It's possible that you could set up sudo to allow them to do what they need to and no more. If it is a production server, it's not (I hope) going to be changing a lot and the functions they need will be well-known and clearly defined. See cmnd_alias in sudoers
Re: how to lock down remote users?
thanks for your kind reply.
I had thought so, but I can't figure which commands they shall need to execute.
Maybe I should ask THEM to prepare a modified sudoers file for my approval.
Re: how to lock down remote users?
Quote:
Originally Posted by
gian
thanks for your kind reply.
I had thought so, but I can't figure which commands they shall need to execute.
Maybe I should ask THEM to prepare a modified sudoers file for my approval.
That would be one idea.
I don't know why they would need root access to manage a db server unless they need to start/stop the service.
I would ask why they need root access in the first place.