Printable View
hello All,
we are going to install Postgres based OpenERP, and the professionals who will do the support asked to be granted root access to our server.
They plan to support us from remote using an OpenVPN tunnel.
I am not paranoid, however I do not like to hand over the keys...
What could I propose them?
One way might be through sudo. sudo can be use to grant very fine grained access. It's possible that you could set up sudo to allow them to do what they need to and no more. If it is a production server, it's not (I hope) going to be changing a lot and the functions they need will be well-known and clearly defined. See cmnd_alias in sudoers
thanks for your kind reply.
I had thought so, but I can't figure which commands they shall need to execute.
Maybe I should ask THEM to prepare a modified sudoers file for my approval.
That would be one idea.Quote:
Originally Posted by gian
I don't know why they would need root access to manage a db server unless they need to start/stop the service.
I would ask why they need root access in the first place.
I've been playing around with script a bit and it might be useful for logging. You can using in sshd using the ForceCommand directive. That way you have log of what they were doing and have a better change at getting the changes and configurations documented.