[Koha] Setting a default library
Richard
richard at alternativeuniverse.net
Tue Mar 4 16:48:05 NZDT 2008
On Tue, 4 Mar 2008, Rick Welykochy wrote:
> MJ Ray wrote:
>
>> Small aside: I understand that letting all staff login as "kohaadmin"
>> may violate privacy laws in some countries, because you may not be
>> able to trace which librarian accessed which patron's personal data if
>> there's a problem.
>
> [off topic]
>
> Wow, that is a huge can of worms. I know that this is a problem w.r.t
> privacy, but was unaware that the privacy laws have caught up with this.
> Which countries do you know cover this?
I've seen it with companies that operate in the USA - they state it's for
audit compliance, and I just assumed it was related to Sarbanes-Oxley or
something similar. Worse still, the people who administer their Unix
servers (I was one of that group) weren't allowed to add accounts on them
- that task was separated out and given to a "security team", who were
also supposed to manage the root passwords.
> How many *nix systems do you know of (for example) where multiple
> and basically unidentified people have root access?
Not many, personally - I've only ever seen that in smaller IT shops,
though I can't speak for the Windows side. Most places I've worked
recently (the past five years) the actual root passwords are very tightly
controlled, and superuser-level access is gained by way of one-time keys
or similar (RSA SecureID springs to mind). Some places use sudo; either
way, we know who you are and what you did last summer... ;-)
Cheers
Richard
More information about the Koha
mailing list