[hackerspaces] Abuse Of Power

Mark Janssen dreamingforward at gmail.com
Mon Apr 15 04:20:58 CEST 2013


On Sat, Apr 13, 2013 at 8:56 AM, astera <astera at hackerspaces.org> wrote:
> I got a couple alerts while I was at a conference in Amsterdam, and
> two emails about broken parts, and after taking a look and seeing
> someone unknown access my server and have root privs as I got back, I
> sent an email to the tech@ mailing list and removed sudoers access
> until I got a statement from fh. His account's access was restored
> within minutes after his reply. As I would like to know who gives
> access to whom on my servers, I would've very much hoped to get
> informed by you about this previously, personally or via the tech@
> mailing list - because that's what it's there for. No, I do not rejoice
> in alerts while I'm away that leave me clueless about why they were
> generated, as I'm sure you would not, either.

As someone who's been a large-system Unix admin before and finally
re-reading what this original issue is all about, both of these
desires and actions were fair.

The admin pattern that is recommended practice, however, is to create
a new account with root privs (uid=0), so that all system loggers keep
track of who's doing what and there's full accountability.

This would have helped both Paul "get things done" and Astera who
needed "to know what's going on on her servers".

And now that that's over, I see that I totally jumped the gun
recommending the gamification idea for hacker *space* administration
(pangaia) -- no wonder everyone was confused!!! So very sorry to
everyone for that!  (But try it anyway..... ;^)

Mark Janssen
Ducks away in embarrassment. :^{

