On 02/09/2013 08:55 PM, Roel_D wrote: > Just a question out of interest: > > Let's say you put root's directory to another zfs dataset. > This dataset has been backupped to an USB stick.
Hang on, you don't encrypt your back ups? Seriously? No offense dude, but if you did that at my place, you'd find yourself in serious trouble really soon. > I find it (the USB) and I take it to a new OI server and try to > import it. This will work since it is not encrypted. Who in their right mind does backups to removable media unencrypted? > On the new server i am root with a new/different password. Since i > am root, i can open the old root directory and read its bash history. > Voila. I know all things from the old admin. You already committed so many capital crimes in systems administration that you just deserved what is coming. In order, your crimes were: 1) You've used tools which record sensitive data into your .bash_history (Ever wonder why security-aware tools never take passwords as command-line arguments? That's why.) 2) You neglected to encrypt your backups to removable media. Big no-no. 3) You didn't handle backup media with the care they deserve (encrypted or not, backups are among the most sensitive data an organization can have) and misplaced them where they can be easily picked up by an attacker. So by this time, everything that happens to your systems is already karma. Plus, all of this works regardless of whether /root is on a separate dataset or not! (I use duplicity backup on my Linux laptop.) Cheers, -- Saso _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
