Mike, You've just made what is my point for me in the following:
Mike Oliver wrote: > Or maybe it's to prevent *inadvertant* rather than malicious > damage? Something like: People in our group might find > out the root pword and be tempted to su to quick-fix some > difficulty they're having, then they might break something > and we wouldn't know who was responsible, so we'll just > remove the temptation? I guess that makes a certain amount > of sense, but it's not terribly flattering to your coworkers. You can't set everyday policy based upon occasional problems. It's a pain until it becomes habit, but in the long run, it's much easier to set up an ID whose sole function is to collect e-mail reports of system problems. This assumes you don't have some fancy help desk system already in place. Then, unless you have an unmanageable bureaucracy -- and that's another problem entirely -- the SAs can prioritize them and systematically resolve them. There are generally enough things to do in an SA's day/week without having to sweep up after "inadvertent" damage. Not to mention the time wasted trying to figure out what went wrong, and how to fix it. The smaller the list of "super-users" the less likely someone will fat finger a critical file, and when it does happen, the more likely it will be fixed in a timely fashion, since the perpetrator is more easily identified, and has a more accurate idea of what they did wrong. In my former life, I was in a group of 4 Sys Admins who were the only keepers of the root password, including our supervisor. In fact, he insisted on not knowing to avoid those types of situations, since he appreciated our efforts in a "normal" environment, with fewer "curve balls" thrown our way. I've had mixed feeling about giving users the root password to "their own" workstations. This had been a thorny issue for us in the past. On the one hand, it's easy for someone to fix their own problems, assuming they know what they're doing. On the other hand, my experience is that (myself included) there is a tendency to wait one or two fat finger actions too late to ask for help and have things fixed quickly. It's just too much hassle to set up and admin some sort of competency test. We sort of settled on a policy of "if you want to do it yourself, take the classes." Most would not. Budgets being what they are, there are a certain number of dollars (euros, whatever) allocated per employee for training, and they wished to take other things. That was fine, just don't cry about us "not being fast enough", or again, take the classes and become part of the solution, not another problem. The worst part of this "sweeping up" is the SA has to try and troubleshoot something while said user is generally hovering over their shoulder, harrumphing and often complaining they "need to get work done". As if we (the SAs) have nothing better to do all day than go from desk to desk holding hands. And, if you're real lucky, you may even get a "Thank you" or a free cup of coffee. Like I ever need extra caffeine! At that point, I would politely ask them to tell my boss, not just me. That way, he/she would have some idea why my "real job" wasn't getting done on time. My 2 cents. _/_/_/_/_/ _/ _/ _/ Ted J. Wagner _/ _/ _/ _/ _/ ((( Soundwaves ))) _/ _/ _/ _/_/ _/ Fender Bender _/ _/ _/ _/_/ _/_/ Have Guitar, Will Travel _/ _/_/_/_/ _/ _/ [EMAIL PROTECTED] Linux *is* user-friendly, just picky who it chooses for friends!
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
