\_ My question is this: If they need to use gcc, make
\_ and a host of other tools for compiling (they will
\_ be doing chip design), do they need root access?
1) Never, ever, ever trust users.
2) Once you get the basic software installed, the only reason root
should have to log in is to check logs and boot lusers.
3) Never, ever, ever trust users.
4) If they for some reasons, somehow, convince you that they need
root, either squeeze them through 'sudo' or give them a named root
account (luser_r) so you can track their behaviour on the system.
5) Never, ever, ever trust users.
Basically, find out what they need, put it there, and tighten the
security thumbscrews until they are screaming at just under where
management would hear them, then back off maybe a half twist. :-)
Think BOFH.
David
(text/plain)