UNIX Systems Control Politics?

pariahdecss asks: "I have just been hired as the webmaster for a local college. The website for which I am responsible is hosted 'in-house' and controlled by the college. The server box does not have any other production systems on it besides my website. The website that I have inherited is driven by an amalgam of Embedded Perl and PostgreSQL. Now to the politics...the UNIX Administrator does not want to give me root access to this box. What have others done when faced with this type of systems politics? Is it even possible to function as a full scale webmaster without root access to the box you serve from?"
  • by AndroidCat ( 229562 ) on Sunday November 21, 2004 @11:54AM (#10880920) Homepage
    You don't say anything about what else you inherited along with the website: Was the previous web admin a jerk? Was the server a pustulent boil on the face of the university's net?
  • by Androclese ( 627848 ) on Sunday November 21, 2004 @12:26PM (#10881072)
    Are you talking the modern Webmaster where their skill sets are limited to the design and content of the website or the Old-School Webmaster (like me) where you were responsible for everything like the OS, the software (Apache, mySQL, Perl, PHP), access (.htaccess, etc.), and the content (HTML, images, etc.)?

    If you're talking a Modern webmaster, then no, they don't need it. The Server Admin just has to make sure all the directories they are using are owned by the assigned user.

    If you're talking Old-School, then yeah, it's pretty much a necessity; sudo at a minimum.
  • by kelleher ( 29528 ) on Sunday November 21, 2004 @01:14PM (#10881306) Homepage
    I'd say you don't know enough about UNIX systems to deserve root access. What exactly do you think you need it for? The only thing you really need is the ability to start Apache on port 80. Everything else can be done w/out privileged access if set up properly.
  • You both suck...... (Score:3, Interesting)

    by JDizzy ( 85499 ) on Sunday November 21, 2004 @02:28PM (#10881668) Homepage Journal
    I also have a bitchy so-called web master that wants root access, but I finally figured out it is his ego getting in the way of his own work. Ultimately I created a sandbox where he can have root. Finux users can try User-Mode-Finux hack, or if you use FreeBSD you can use a jail/prison, in Solaris you have containers, everywhere else you have chroot. Certainly my developers see my policies as politics, but I see it as idiot control.

  • Re:Yes (Score:5, Interesting)

    by NemoX ( 630771 ) on Sunday November 21, 2004 @02:57PM (#10881869)
    Or, do it enough and piss him off so that a policy will be put in place to start a versioning system with installation time tables. I have seen this backfire in favor of the admin before.

    Webmasters are more lined up with programmers these days (think maybe .jsp, .aspx, etc.). And I can guarantee you that those programmers don't have root access to the web boxes in an environment that is properly set up. Why? Because they are programmers, not administrators...just as a webmaster is exactly that, and not an administrator. If you want root, you will need to prove that you are a capable UNIX administrator. Best thing to do if you want root, is to be his understudy and learn from him. Then, in time, when you are knowledgeable enough, you will get root. I doubt that you already have that knowledge since webmasters get paid much, much less than UNIX admins, so if you had it you would be a UNIX admin somewhere that would be paying you a heck of a lot more. Until then, sit back and enjoy the ride.
  • Re:sudo (Score:3, Interesting)

    by yarbo ( 626329 ) on Sunday November 21, 2004 @04:18PM (#10882320)
    sudo vim
    :sh

    I'd expect a text editor in the list of available commands...
  • by tverbeek ( 457094 ) on Sunday November 21, 2004 @11:07PM (#10884715) Homepage
    OK, now that we've got all of the entirely-accurate "you don't need root" lectures out of the way, I'd like to share how I did get root on some boxes at the college I work at.

    I started here 5 months ago. One of the things that got me the job was being able to tell my boss that "I know Linux", I've been running my own and a previous employer's web and mail servers for five years, etc. But that's not in my job description; it's someone else's job. In today's downwardly-mobile economy, I'm a mere "Technician" here.

    I didn't push it. When a problem with DNS cropped up, I used my knowledge of how DNS works to help troubleshoot it, passing useful information to my boss and to the guy responsible for fixing it. A couple months later when we started having problems with DHCP, I stayed late helping to troubleshoot. When it happened again the next week and I was the only other person around, my boss logged me in under an account with root privilege (she has it because she's the boss, not because she's qualified to use it) so I could restart dhcpd. The next time, she actually gave me root, and I figured out what the problem was... but let the official admin get it working. After that, I kept my privilege to maintain the DHCP system to make sure it stayed operational.

    That sounds like the end of the story, but it continues: I determined that the real problem with DHCP was that we didn't have enough addresses to accommodate student laptop plug-ins. I suggested a solution, and the boss let me do it: set up an old P2 box running Coyote Linux as a router, putting 30+ machines on their own subnet, thereby alleviating the problem (at zero expense). And on that box I don't just have root... I am root.

  • by harikiri ( 211017 ) on Monday November 22, 2004 @05:48AM (#10886459)
    Reminds me of an advertisement I saw just a few days ago. The magazine is literally sitting next to me, so let me just grab it to refresh my memory...

    ...ahh here's the quote:

    "How many Developers run as Administrator on their development box? Our research shows 95% or more - despite this being a known practice which introduces deployment and/or security flaws in applications downstream!"

    Either way, it's an absolute PITA to do development without the freedom provided by having total access (installing third party packages/software, modifying permissions, configuring services). You can install applications like Sudo [courtesan.com] to grant elevated privileges on a case-by-case basis, but you have to be serious about it because there's a lot of configuration you have to do if you want to do it properly.

    Sidenote: My colleague who used to work for a bank told me a tale where he was not allowed to see what cron jobs were running on a system, but for whatever reason - had been given access to use /bin/cat with sudo. At one stage he "cat" the /var/spool/cron/tabs/xyz (or whatever the path is), in order to find out why some process was hogging the system resources. When he offered a suggestion on how to improve it - the admin looked at him oddly and was like "how do you know what cron jobs are running!?"
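
An added example, not part of any comment above and not sudo's own code: a small Python audit of sudoers-style command lists for the two cases raised in the thread, an editor that can shell out (`sudo vim`, then `:sh`) and a bare `cat` that can read any file. The user names, paths, the `audit_sudoers` helper and the simplified one-line parsing are assumptions made for illustration.

```python
import re

# Assumed, non-exhaustive lists chosen for this example.
SHELL_ESCAPE = {"vi", "vim", "view", "emacs", "less", "more", "man"}
ANY_FILE_READ = {"cat", "head", "tail"}
TAG_PREFIX = re.compile(r"^(?:[A-Z_]+:\s*)+")

# Constructed sample input: hypothetical users and paths, one spec per line.
SAMPLE = "\n".join([
    "webmaster ALL = (root) /usr/bin/vim, /usr/sbin/apachectl restart",
    "auditor   ALL = (root) /bin/cat",
    "editor    ALL = (root) NOEXEC: /usr/bin/vim /etc/httpd/conf/httpd.conf",
    "deployer  ALL = (root) sudoedit /etc/httpd/conf/httpd.conf, /bin/cat /var/log/httpd/error_log",
])

def audit_sudoers(text):
    """Return (line_no, command, issue) for risky entries.

    Simplified parser: no aliases, line continuations or escaped commas.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        rhs = re.sub(r"^\([^)]*\)\s*", "", line.split("=", 1)[1].strip())
        noexec = False  # a tag applies to the commands that follow it in the list
        for cmd in (c.strip() for c in rhs.split(",")):
            tags = TAG_PREFIX.match(cmd)
            if tags:
                for tag in re.findall(r"[A-Z_]+", tags.group(0)):
                    if tag in ("NOEXEC", "EXEC"):
                        noexec = tag == "NOEXEC"
                cmd = cmd[tags.end():]
            parts = cmd.split()
            if not parts:
                continue
            name = parts[0].rsplit("/", 1)[-1]
            if parts[0] == "ALL":
                findings.append((line_no, "ALL", "unrestricted"))
            elif name in SHELL_ESCAPE and not noexec:
                # NOEXEC blocks the :sh style escape; sudoedit avoids a root editor
                findings.append((line_no, parts[0], "shell-escape"))
            elif name in ANY_FILE_READ and len(parts) == 1:
                # no arguments in the spec means any argument is allowed
                findings.append((line_no, parts[0], "any-file-read"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```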
