Re: DBAs running

From: Austin Hackett <>
Date: Mon, 03 Feb 2014 18:26:12 +0000
Message-id: <>

Many thanks to everyone who has taken the time to reply - lot's of useful info for me to bring to future discussions. Very much appreciated...

On 3 Feb 2014, at 18:01, Matthew Zito <> wrote:

> Wait - I forgot about one option that I alluded to in the first paragraph of my email - commercial sudo replacements that offer more advanced capabilities where they actually intercept systems calls to try to anticipate what users are (negatively) trying to do. They're expensive, complicated to run well, and usually people can figure out how to get around them. But they get used from time to time, especially at really big companies.
> One or two big companies I deal with have an intermediary solution, where they can "break glass" to get access to root for things like, but they have to go to a website, open a ticket with what they're doing, it gets approved, adn they get the root password, which is actually automatically generated. Tehy then log in with that password once, run, and then the password is changed automatically until the next person requests root access.
> Again, complicated and expensive.
> Matt

Received on Mon Feb 03 2014 - 19:26:12 CET

Original text of this message