-2

Hello how to protect linux account form other administrators(coworkers) in company who can use your account to steal data and point a police that you are the guy who steal data from company.

if others coworkers have sudo they can change user by su command to your account then whipe logs they change account. how do you protect yourself?

Robert Fil
  • 7
  • 3
  • The company should log any `sudo` invocation for audit purposes. – choroba May 07 '20 at 11:27
  • Very related questions: https://workplace.stackexchange.com/search?q=administrator+trust+is%3Aquestion – Gerald Schneider May 07 '20 at 12:35
  • Step 1 is to (in writing) email your concerns to management, and bcc a personal account. You should encourage management to **mitigate** /help you mitigate the risk by setting up remote logging to a system the root admins don't have access to modify. Similarly root access should only be allowed via sudo, again doing remote logging. – davidgo May 07 '20 at 19:19

2 Answers2

3

You can't. If you don't trust employees to use root access sensibly, don't give them root access.

Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
0

Q: What is the best way to prevent people from shooting you in the foot?

A: Do not give them a gun!

Root access to any machine should be very closely guarded and given only to those that you Trust and, preferably, who actually know what they're doing. All to often, because it's "easy", access is handed out, like candy, to anyone that asks for it, only for them to come back shortly thereafter having done something that they "didn't "mean" to do.

Security measures should there to allow people to do the job that they're paid to do and prevent them from doing things that they're not supposed to do. If that's not the case where you work, then your [corporate] Security Model is in need of a major overhaul.

Community
  • 1
Phill W.
  • 1,479
  • 7
  • 7