Security Basics mailing list archives
Re: Application Admins with Local Admin on Servers
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 11 Jul 2007 21:29:19 +0200
On 2007-07-09 Megan Kielman wrote:
I am trying to get a feel for what other companies do with regard to application developers needing local admin privileges on servers. I am specifically working in a Windows environment but believe that the same principles would apply in any environment. Here are my questions: Do you grant admin privileges to application developers?
On production servers? No. Developer workstations are located in a separate network segment, and each developer has admin privileges on his own workstation. In addition to that there are servers for testing purposes in the developers' network segment. Developers have admin privileges on these servers, too. The transition developer server -> production server is done by system administrators, with the assistance of the respective developer(s) whenever needed.
If not, do you grant them specific access or do you take care of the work for them?
No.
I do understand that it is a violation of separation of duties to allow application developers to have local admin or root on systems, I am simply trying to get an idea of what the rest of the community does in practice.
Properly separate the duties.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq