[lug] recovering sudo w/o root

Nate Duehr nate at natetech.com
Wed Jan 14 17:08:33 MST 2004

On Wednesday 14 January 2004 04:05 pm, Bear Giles wrote:

> If you trust your environment, tape the envelope to the inside of
> the case.  Slip the index card into the envelope.  Always
> available in a known place.

Heh... a better one was my friend who GPG encrypted a text file with all 
the critical system password info then asked the company LAWYERS to store 
it in THEIR safe on CD-R and had them sign a document that only the 
CEO/COO could request it be removed.  (Except updates.)  

Lawyers guard their document safes like a momma mountain lion with 
kittens.  Wonderful idea he had there.  The psychological implications of 
having to ask the company lawyers to get into their safe made a nice 

A new one was put in every time the system passwords were changed, and the 
old one shredded/destroyed.  The sealed envelope with the document that 
had the GPG passphrase typed on it was stored somewhere completely 
different... I forget now... 

But it was convoluted enough that no one would attempt messing with 
getting it unless all the admins were "run over by a bus"... which was 
what it was there to cover for... heh.  Or I suppose if they wanted to 
fire all of us at once, it would have come in handy.  ;-)

Nate Duehr, nate at natetech.com

More information about the LUG mailing list