Creating new user accounts - security?

[phpguy]

Hello all,

I am looking at creating two user accounts for "contract system admins"

These guys will be performing sys admin duties for a sever -- however, I am still concerned about security of data. For example, the server contains password information for our database, etc.

Besides making them sign an NDA, etc. what other security mechanisms could I put in place to ensure that they don't just go buck wild. For example, when someone makes a sudo command, is this logged?

what are some recommendations for general security practices?

Thanks!

[SkyHiRider]

Sudo can be logged, but I never meddled with it myself. Take care however, when they get sudo rights, they might also access their logs and meddle with them. It would be probably best to enable some kind of remote logging on your server that sends every new relevant log entry to a remote machine that only you have control over and acess to. But never had to implement something like this yet so can't be more specific.

After quick googling I found this neat link, it seems you can limit which commands (binaries) sudoers have access to. Check it out: linsec.ca - Using Sudo to Limit Access

Perhaps you can even limit which parts of the disk can they access, this needs more googling thou

But I would surely enable the remote log to evaluate their peformance and have the possibility to analyze what they did in the future.