Rudi Ahlers wrote:
On Thu, Jan 20, 2011 at 12:00 PM, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
I think I see things differently. Allowing others to access your account *is* a security risk. It potentially opens confidential data open to other people, and leaves that specific user open to abuse through people using their machine. You might as well just pin your passwords on the notice board and be done. After all, you trust all your staff.
I don't agree with that, sorry.
A few years ago one of our staff members decided his salary isn't good enough so he started a side-line business, on our company time. He stole some of our client's data (contact details, emails, and even contracts) and sold it to 3rd parties. This went on for about 6 months before we actually realized what was going on.
The computer belongs to the company, and the information on it _should_ belong to the company (though what people put on computers can't be completely monitored), but keeping one employee out of another's accounts is important for a variety of reasons.
That does not preclude access to the machine's content. Anyone with root access should be able to do that. You shouldn't have to log in AS THAT USER in order to access the computer's content.
Mike