On 01/31/2011 04:15 PM, Derek J. Balling wrote:
> On Jan 31, 2011, at 5:47 PM, Mark McCullough wrote:
>> I will disagree with one point given earlier. Application code must not be
>> distributed in RPM format because then only root can install or update it.
>> Application code must be installed non-root. The Windows equivalence would
>> be that applications must not require administrative privilege to install or
>> run. Since the Unix package managers (from AIX, HP-UX, RHEL and Solaris in
>> my experience) don't seem to support non-root packages, a separate package
>> manager for application code is indicated.
> This comes down to a philosophical and business decision. We don't want users
> just compiling and installing software in random locations all on their own.
> If they need something, they should ask the sysadmin team to get it
> installed, properly, for them. This will generally involve a testing regimen
> to ensure that the system remains stable with this new application code
> installed, that if there's application-data that needs to be backed up we
> know about it, etc.
>
> Further, as someone who's been down "dependency hell", a single unified
> 'admin-only' package management system is the only way we want to install
> software anywhere in our data-center.
>
I'm definitely in the same boat. No one but those with root privileges
should be installing anything on the servers I'm responsible for, and
ideally those installs should be going through a proper change control
procedure too. Installing, maintaining and updating software is a key
part of any sysadmins job. Sure do as much as possible to automate the
workload but don't allow random joes to start installing software.
That's a good way to end up with a system you can not effectively
support, or even re-create at 3am in the morning.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
