Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Replicate Production to DR file system with rsync


On 12/02/2010, at 8:31 PM, Tony Sceats wrote:

> lol, yes, that's the bit I missed :)
> 
> I guess ultimately you either have to relax the permissions on the files
> (eg, add a new backup group, chrgrp and chmod the files), or relax the
> system access restrictions (eg, using sudo, as already suggested by Ken)

sudo is fine, and I like the concept of Ken's suggestion.  Just need to flesh out some details, but conceptually, it sounds like a good approach.

> I wonder which would have larger implications.. I would expect setting up
> extremely limited sudo commands allows more flexibility in the sorts of
> things you can do as well as not being a pita to keep stable over upgrades
> and installations

Agreed.  Tweaking sudo can be done through the normal change management channels.  Relaxing network "security" (such as direct root login via ssh) would involve an entire world of pain starting with the security team.  Mind you, they have some rather odd ideas of what constitutes security.  So far, it seems, obscurity is just as good as security, as long as the auditors are happy (clueless imbeciles...all of them) and PCI compliance isn't affected.

DO NOT get me started on PCI compliance...grrrr: "Hey look at me, I'm PCI Compliance! I'm a thick as two short planks and read a security appliance catalogue once....you need two of everything in it!". *slaps forehead*

Cheers,

James

Attachment: smime.p7s
Description: S/MIME cryptographic signature