Today, Jerry Feldman gleaned this insight:
> I'll add another Raytheon Sudbury issue. We had a 16 cpu HP V2500
> system in the lab for testing. While this machine was available to other
> engineers on the program, the primary user was Charlie Murphy. Charlie
> was testing all sorts of things and doing performance benchmarks. He
> was also testing a new feature of the OS that was supplied specifically
> for Raytheon. Because of the type of work Charlie was doing, he would
> frequently cause zombies or other types of processes which sometimes
> required a reboot. Eventhough this machine belonged to the radar
> program, the IT people in Sudbury were insistent that none of the
> engineers have root privs. Additionally, this was the system that was
> supposed to be used for my fibrechannel driver. Every time Charlie
> needed to reboot the machine he had to call the IT people. Finally after a
> month or so, they set up sudo, and allowed him to issue the shutdown
> command.
This situation would not exist if the environment was more well designed.
However there is also a cost factor, and sometimes you have to live with
those cases. In this case, it takes all of 10 seconds to type in the
shutdown command, so the sysadmins should have just done it immediately.
Loss of productivity: a few seconds while the sysadmins are called. Most
engineers waste more than that by standing around the water cooler.
The problem here isn't the security model, but either the environment or
the people managing it.
And yes, working securely DOES slow you down, but if you or your company
need security (and EVERYONE does at least to some extent), then you SHOULD
slow down, and think about what implications your actions have on
security.
--
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
------------------------------------------------------
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
