In a message dated: Tue, 20 Jun 2000 00:40:20 EDT
"Kevin D. Clark" said:
>
>Derek Martin writes:
>
>> Engineers almost never really need the root
>> password to do their jobs.
>
>On the workstation that I do most of my development on, I use my root
>password nearly every day. So do most of the engineers I work with.
>I doubt a decent sysadmin could wrap all of the functionality I
>require with sudo.
It depends upon what you need to do. I've heard this argument before, but
I've never been given a valid reason why engineers *need* the root password.
Hell, *I* don't even need the root password for most of what I do, and I'm the
sysadmin!
Sudo is an amazing tool, and it can damn near do anything when combined with a
proper list of requirments from the user, a little shell scripting, and some
ingenuity.
>I know of organizations that don't let engineers and scientists have
>their root passwords. My observation is that this causes a lot of
>resentment and loss of productivity.
>
>Yes, I understand the security implications here, but I'm telling you
>that in my experience not giving an engineer the root password causes
>more problems then it solves.
I too have observed this, and in all cases I have concluded that it's usually
because the users do not want to give something up that they've previously
had, but can't come up with a valid reason for why they need it.
Additionally, they refuse to co-operate with the sysadmin staff to provide a
list of things they need access to so the sysadmin staff can add that
capability for them to the sudo access list.
The last company Derek and I were at, I changed the root password on every
machine on the network one night. It was 6 months before anyone realized it
was changed. At that point I was told that they (engineers developing network
equipment) could not do they're jobs without it. They had no answer for me
when I asked them what they had been doing for the previous 6 months :)
There is nothing you can't provide without sudo. UC Boulder runs a network of
something like 40,000 hosts, and *NO ONE* has the root password. It's locked
in a safe in a sealed envelope and has not been used in something like 10
years. All the sysadmins use sudo, as well as anyone else who "needs" root.
--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
