Slashdot Mirror

← Back to Stories (view on slashdot.org)

UNIX Systems Control Politics?

Posted by Cliff on from the got-root dept.

pariahdecss asks: "I have just been hired as the webmaster for local college. The website for which I am responsible is hosted 'in-house' and controlled by the college. The server box does not have any other production systems on it besides my website. The website that I have inherited is driven by an amalgam of Embedded Perl and PostgreSQL. Now to the politics...the UNIX Administrator does not want to give me root access to this box. What have others done when faced with this type of systems politics? Is it even possible to function as a full scale webmaster without root access to the box you serve from?"

9 of 133 comments (clear)

  1. Government Systems by digitalchinky · · Score: 3, Interesting

    For the first several years working for DSD there was no way in hell they were going to give me root access to anything, my data and home directories could be measured in the tens of gigabytes just to overcome these limitations. That was solaris, unfortunately (in my opinion) to get anywhere near the same functionality (as root access) you'll spend a huge amount of time recompiling applications, tweaking config files to do things that probably nobody ever intended, along with being on your supervisors shit list for blowing out disk space, audit trails, and... well... just because...

    Not easy.

  2. Inherit the whirlwind by AndroidCat · · Score: 3, Interesting

    You don't say anything about what else you inherited along with the website: Was the previous web admin a jerk? Was the server a pustulent boil on the face of the university's net?

    --
    One line blog. I hear that they're called Twitters now.
  3. What kind of Webmaster? by Androclese · · Score: 5, Interesting

    Are you talking the modern Webmaster where their skill sets are limited to the design and content of the website or the Old-School Webmaster (like me) where you were responsible for everything like the OS, the software (Apache, mySQL, Perl, PHP), access (.htaccess, etc.), and the content (HTML, images, etc.)

    If you're talking a Modern webmaster, then no, they don't need it. The Server Admin just has to make sure all the directories they are using are owned by the assigned user.

    If you're talking Old-School, then yeah, it's pretty much a necessity; sudo at a minimum.

  4. Based on your question by kelleher · · Score: 1, Interesting

    I'd say you don't know enough about UNIX systems to deserve root access. What exactly do you think you need it for? The only thing you really need is the ability to start Apache on port 80. Everything else can be done w/out priviledged access if setup properly.

  5. You both suck...... by JDizzy · · Score: 2, Interesting

    I also have a bitchy so-called web master that wants root access, but I finally figured out it is his ego getting in the way of his own work. Ultimatly I created a sandbox where he can have root. Finux useres can try User-Mode-Finux hack, or if you use FreeBSD you can use a jail/prison, in Solaris you have containers, everwhere else you have chroot. Certainly my developers see my policies at politics, but I see it as idiot control.

    --
    It isn't a lie if you belive it.
  6. Re:Yes by NemoX · · Score: 4, Interesting

    Or, do it enough and piss him off so that a policy will be put in place to start a versioning system with installation time tables. I have seen this backfire in favor of the admin before.

    Webmasters are more lined up with programmers these days (think maybe .jsp, .aspx, etc.). And I can guarantee you that those programmers don't have root access to the web boxes in an environment that is properly set up. Why? Because they are programmers, not administrators...just as a webmaster is exactly that, and not an administrator. If you want root, you will need to prove that you are a capable UNIX administrator. Best thing to do if you want root, is to be his understudy and learn from him. Then, in time, when you are knowledgeable enough, you will get root. I doubt that you already have that knowledge since webmasters get paid much, much less that UNIX admins, so if you had it you would be a UNIX admin somewhere that would be paying you a heck of a lot more. Until then, sit back and enjoy the ride.

  7. Re:sudo by yarbo · · Score: 2, Interesting

    sudo vim :sh I'd expect a text editor in the list of available commands...

  8. a tale of root acquisition by tverbeek · · Score: 2, Interesting
    OK, now that we've got all of the entirely-accurate "you don't need root" lectures out of the way, I'd like to share how I did get root on some boxes at the college I work at.

    I started here 5 months ago. One of the things that got me the job was being able to tell my boss that "I know Linux", I've been running my own and a previous employer's web and mail servers for five years, etc. But that's not in my job description; it's someone else's job. In today's downwardly-mobile economy, I'm a mere "Technician" here.

    I didn't push it. When a problem with DNS cropped up, I used my knowledge of how DNS works to help troubleshoot it, passing useful information to my boss and to the guy responsible for fixing it. A couple months later when we started having problems with DHCP, I stayed late helping to troubleshoot. When it happened again the next week and I was the only other person around, my boss logged me in under an account with root privilege (she has it because she's the boss, not because she's qualified to use it) so I could restart dhcpd. The next time, she actually gave me root, and I figured out what the problem was... but let the official admin get it working. After that, I kept my privilege to maintain the DHCP system to make sure it stayed operational.

    That sounds like the end of the story, but it continues: I determined that the real problem with DHCP was that we didn't have enough addresses to accommodate student laptop plug-ins. I suggested a solution, and the boss let me do it: set up an old P2 box running Coyote Linux as a router, putting 30+ machines on their own subnet, thereby alleviating the problem (at zero expense). And on that box I don't just have root... I am root.

    --
    http://alternatives.rzero.com/
  9. Re:Webmaster needs root acces? by harikiri · · Score: 3, Interesting
    Reminds me of an advertisment I saw just a few days ago. The magazine is literally sitting next to me, so let me just grab it to refresh my memory...

    ...ahh here's the quote:

    "How many Developers run as Administrator on their development box? Our research shows 95% or more - despite this being a known practice which introduces deployment and/or security flaws in applications downstream!"

    Either way, it's an absolute PITA to do development without the freedom provided by having total access (installing third party packages/software, modifying permissions, configuring services). You can install applications like Sudo to grant elevated privileges on a case-by-case basis, but you have to be serious about it because there's a lot of configuration you have to do if you want to do it properly.

    Sidenote: My colleague who used to work for a bank told me a tale where he was not allowed to see what cron jobs were running on a system, but for whatever reason - had been given access to use /bin/cat with sudo. At one stage he "cat" the /var/spool/cron/tabs/xyz (or whatever the path is), in order to find out why some process was hogging the system resources. When he offered a suggestion on how to improve it - the admin looked at him oddly and was like "how do you know what cron jobs are running!?"

    --
    Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...