
Ask HN: How do you manage user permissions on production servers? - rbruggem
Do you allow root access to production servers? or full sudo access?
Do you allow particular tasks to be run with sudo? Which ones?
Do you grant users temporary superuser permissions?
What do you do in case of emergencies?
Do you completely forbid users from sshing to production servers?
Do you audit&#x2F;monitor superusers activity?
======
techjuice
This would depend on what type of hosting this is for. If this is for a shared
hosting setup then customers do not have or need sudo permissions. Either way
the only people with sudo should be the top system engineers for emergencies,
everyone else can go through the automated security, deployment and testing
process from testing, staging and automated tested and verified push to
production.

