On Tue, 4 Mar 2008, Rick Welykochy wrote:

> MJ Ray wrote:
>
>> Small aside: I understand that letting all staff login as "kohaadmin" may violate privacy laws in some countries, because you may not be able to trace which librarian accessed which patron's personal data if there's a problem.
>
> [off topic]
>
> Wow, that is a huge can of worms. I know that this is a problem w.r.t. privacy, but was unaware that the privacy laws have caught up with this. Which countries do you know cover this?

I've seen it with companies that operate in the USA - they state it's for audit compliance, and I just assumed it was related to Sarbanes-Oxley or something similar. Worse still, the people who administer their Unix servers (I was one of that group) weren't allowed to add accounts on them - that task was separated out and given to a "security team", who were also supposed to manage the root passwords.

> How many *nix systems do you know of (for example) where multiple and basically unidentified people have root access?

Not many, personally - I've only ever seen that in smaller IT shops, though I can't speak for the Windows side. Most places I've worked recently (the past five years) the actual root passwords are very tightly controlled, and superuser-level access is gained by way of one-time keys or similar (RSA SecurID springs to mind). Some places use sudo; either way, we know who you are and what you did last summer... ;-)

Cheers
Richard
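The accountability point Richard makes (sudo leaves a per-user, per-command trail, while a shared root login or a shared "kohaadmin" account leaves nothing to attribute) can be checked mechanically from syslog. The following is an added example, not code from the original thread or from Koha; the log lines are constructed for illustration, in the standard sudo syslog format and the OpenSSH "Accepted ... for root" login format. It attributes each privileged command to a named user, flags denied attempts, flags sudo invocations that open an interactive root shell (after which sudo stops logging individual commands), and reports direct root logins that cannot be attributed to anyone.

```python
"""Attribute privileged actions to named users from sudo and sshd syslog lines.

Added example, not code from the original thread. The sample log below is
constructed; the line formats follow sudo's syslog entry
("user : TTY=... ; PWD=... ; USER=... ; COMMAND=...") and OpenSSH's
"Accepted <method> for root from <addr>" login line.
"""
import re
from collections import defaultdict

# Constructed sample log (hostname, users and addresses are made up).
SAMPLE_LOG = """\
Mar  4 10:12:01 lib01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/koha/opac.log
Mar  4 10:15:33 lib01 sudo:     bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/systemctl restart apache2
Mar  4 10:20:05 lib01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Mar  4 10:31:47 lib01 sshd[2211]: Accepted password for root from 10.0.0.5 port 51022 ssh2
Mar  4 10:40:00 lib01 sudo:   carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>command not allowed) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
ROOT_LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for root from (?P<src>\S+)"
)

# Programs that hand the caller an interactive root shell. sudo logs this one
# invocation and nothing afterwards, so attribution of later actions is lost.
SHELL_ESCAPES = {"/bin/su", "/usr/bin/su", "/bin/sh", "/bin/bash", "/bin/zsh"}


def parse_sudo(line):
    """Return a dict describing a sudo log entry, or None for other lines."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["denied"] = entry["denied"] is not None
    entry["program"] = entry["cmd"].split()[0]
    return entry


def audit(lines):
    """Classify each line and count attributed privileged commands per user.

    Returns a dict with lists 'attributed', 'denied', 'shell_escalations',
    'unattributed' (direct root logins, no individual to hold responsible)
    and a 'per_user' mapping of user -> number of allowed sudo commands.
    """
    report = {"attributed": [], "denied": [], "shell_escalations": [], "unattributed": []}
    per_user = defaultdict(int)
    for line in lines:
        entry = parse_sudo(line)
        if entry is not None:
            if entry["denied"]:
                report["denied"].append(entry)
            else:
                report["attributed"].append(entry)
                per_user[entry["user"]] += 1
                if entry["program"] in SHELL_ESCAPES:
                    report["shell_escalations"].append(entry)
            continue
        m = ROOT_LOGIN_RE.search(line)
        if m:
            report["unattributed"].append({"method": m.group("method"), "src": m.group("src")})
    report["per_user"] = dict(per_user)
    return report


if __name__ == "__main__":
    r = audit(SAMPLE_LOG.splitlines())
    for e in r["attributed"]:
        print(f"{e['user']:6} -> {e['target']}: {e['cmd']}")
    for e in r["denied"]:
        print(f"DENIED  {e['user']}: {e['cmd']}")
    for e in r["shell_escalations"]:
        print(f"TRAIL GOES DARK after {e['user']} ran {e['cmd']}")
    for e in r["unattributed"]:
        print(f"UNATTRIBUTED root login via {e['method']} from {e['src']}")
```

The two findings worth acting on are the last two categories: a direct root login is exactly the shared-account problem from the thread, and a sudo rule that permits `su` or a shell defeats the point of using sudo for attribution in the first place.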