[Koha] Setting a default library

Richard richard at alternativeuniverse.net
Tue Mar 4 16:48:05 NZDT 2008


On Tue, 4 Mar 2008, Rick Welykochy wrote:

> MJ Ray wrote:
>
>> Small aside: I understand that letting all staff login as "kohaadmin"
>> may violate privacy laws in some countries, because you may not be
>> able to trace which librarian accessed which patron's personal data if
>> there's a problem.
>
> [off topic]
>
> Wow, that is a huge can of worms. I know that this is a problem w.r.t
> privacy, but was unaware that the privacy laws have caught up with this.
> Which countries do you know cover this?

I've seen it with companies that operate in the USA - they state it's for 
audit compliance, and I just assumed it was related to Sarbanes-Oxley or 
something similar.  Worse still, the people who administer their Unix 
servers (I was one of that group) weren't allowed to add accounts on them 
- that task was separated out and given to a "security team", who were 
also supposed to manage the root passwords.

> How many *nix systems do you know of (for example) where multiple
> and basically unidentified people have root access?

Not many, personally - I've only ever seen that in smaller IT shops, 
though I can't speak for the Windows side.  Most places I've worked 
recently (the past five years) the actual root passwords are very tightly 
controlled, and superuser-level access is gained by way of one-time keys 
or similar (RSA SecureID springs to mind).  Some places use sudo; either 
way, we know who you are and what you did last summer... ;-)

Cheers

Richard



More information about the Koha mailing list