information-rights-management

Role Based Access Controls – SUDO suggestions

January 10, 2011

Sudo: A Unix command enabling accounting for root actions

Sudo (superuser do) intends to replace su; it allows certain users (or groups of users) to run some (or all) commands as root while logging all commands and arguments.

Create appropriate Web, Application and Service dedicated Groups to sandbox priveleges. Create such groups as:

Apace_Web_Admin
TomCate_Web_Admin
ColdFusion_Web_Admin
WebSphere_Admin
WebTrends_Admin
Tools_Web_Admin
OPS_DBA
OPS_DBA_Operator
Backup_Operator
OS_Monitoring (syslogs)
OS_Monitoring (NOC, SOC, GNOC)
SUDO_GRP (sudo_all)

  

Development / QA environments:

Web_Developer
Application_Programmers
Application_Testers
Dev_DBA
Dev_DBA_Operator
SUDO_GRP (sudo_all)