A Sysadmin for Sysadmins?

crazyharry asks: "I have recently been hired to be a system administrator to a bunch of system administrators. Aside from my personal experience, which is probably biased, I would like to know from the disproportionately large number of IT people here: if you, as a system administrator, were forced to have a system administrator, what would you expect of that role? How would you want your business machines (not the ones you admin, but your daily use machines) managed, if they were not up to this point? This is a mixed environment (Windows, Mac, and Linux/Unix), so feel free to assume I've already heard the 'leave me the FSCK alone' comments. What other issues are probably going to crop up, if you have been in a similar situation?"

2 types

[drDugan]

in my experience, there are 2 completely differnt types of sys admins:

- ones who think computers are their clients
- ones who think people are their clients

both have their plusses and minuses. it seems that some people fit one camp - other people fit into the other camp, and they don't easily change. personally I prefer the sys admins who focus on the people first, and get the computers to meet their needs. I'd make sure in your case you know the expectations of the people who you work for and work with and see if you fit their expectations.

I would guess from your post, and the fact you wanted input from a large group of people on /. you are more the "people first type"

Good luck!

Not much difference...

[yuriismaster]

....than how your sysadmins would run their network.

You keep it open enough for them to do their job, and not much else, provide the proper storage and network services that they require, and that's about it. What I see as the main difference is that your users aren't dumb enough to open .exe file attachments, which is good for you.

Expect a lot of griping from your sysadmins, mainly involving filtering out Quake server traffic, if it comes to that. You have a job to do, so just do it.

A Suggestion

[Mr_Tulip]

Delegate responsibility to the sysadmins, and set up guidelines as to who is responsible for what. Generally, be more of a manager than an active administrator.

Also, don't be afraid to impose restrictions on the other administrators. Communicate clearly why these restrictions are required, and where possible, allow the administrators to make their case as to why they need the restrictions listed. Listen to their arguments, and alter your guidelines if needed.

If you have time and money, play with the budget you have at your disposal to make life easier for yourself and your charges.

Managing people or machines?

[cswiger2005]

Is your job to manage a team of sysadmins, or just manage a bunch of desktop machines which happen to be used by sysadmins? The latter is generally a lot easier, although some admins can get as picky about someone managing their personal box as any huffy user.

If you're just managing the machines, make sure you've got a software baseline (start with, what software do we have and how many legit licenses have we paid for), and make sure that all of the machines which are supposed to have that stuff do, and it is patched and up-to-date. Keep a mental checklist of any machines which have severe problems; that may not be the sysadmin user's fault, but it still ought to be a warning sign.

Sysadmins always seem to get buried in the never-ending stream of building new machines, or running Windows update, or virus-scanning, etc, but try to keep the team aware of longer-term goals beyond the humdrum of such routine daily tasks. Try to give everyone at least two long-term goals or tasks to complete: one that's fun or interesting or cool, and one that sucks or is boring but needs to be done. Make sure everyone knows that everyone has got to deal with some suckatude, publicly praise/reward the first guy who finishes a sucky task. On the other hand, if someone gives you problems or blows off the difficult task, make another public point of awarding another sucky task to the guy.

Only answer I can think of

[br00tus]

Since usually I'm the sysadmin, I can only think of machines I used where I didn't have root access, yet used the machines.

Two thing thats piss me off the most usually is limitations on my access, or annoying security measures, both of which I look at similarly because they are different sides of the same coin often. I host a website on a host where I don't have root access. They are supposed to be good, and a place geeks like to host, and for the most part they are. But having no root access can be annoying. For example, the machine load average was very high for some weeks. It would shoot up to something like 10 or 20 times the number of processors for an hour and then go back to normal. My e-mails to the techs didn't do anything for some weeks. My ps only let me see my own processes, I couldn't see what processes were hogging the machine. The first time they checked, the spike hadn't happened, so they had no idea what was wrong. So they were slow to do anything about it, I had the ability to better diagnose what was wrong. Eventually I ran a script that did an uptime every minute and wrote it to a file. But after two days they killed that - that's another thing, they killed a script that I was running. Although if it was an attempt to find this rogue process, I didn't care as much. Anyhow, eventually they fixed the problem.

Another thing that happened with these hosters, which again is related to me not being able to see system processes with ps - one day my password protection for directories (htaccess) died. I had to recreate everything with their automatic system in terms of the htaccess and htpasswd files. I couldn't see what user was running our Apache web server processes, I just had no idea why it broke.

Once I worked at a company where you needed SecureID to log into their machine for customers, among other security provisions. I thought it was rather silly - I only read mail from the machine, and not much else, why do I need a SecureID card to do that? Wasn't ssh enough? Did I have to carry around a SecureID card just to access this one machine and my e-mail which I read with pine? Again, a mixture of limited access and what I felt was unnecessary security is what pissed me off. Our company had a lot of smart programmers and sysadmins, I'm sure anyone motivated enough to hack in could get in and get root despite the SecureIDs. It sort of reminds me of the World Trade Center. The security to get in was ridiculous after the first bombing. But they hadn't walked into, but drove into the building the first time, so why was taking my picture and other silly measures necessary? It did little for them as they eventually got flown into, which destroyed the buildings. As I said, once something becomes a target for somebody motivated enough, there is little you can do.

Senior Administrator

[Alien54]

The point should not be to have your finger in everyone's pie. The analogy should be closer to a hospital with a senior surgeon, vs a manager of managers.

That said, if everything is working well, you become the buffer between the sysadmins and the rest of the world.

You get to be the one that goes to HR and complain about Clueless User #69 in cubicle 18 with his inappropraite visit to the wrestling website that installed spyware for a solid hour over lunch. You would also get to run the pilot projects before they role out company wide. You test the new toys, using the other sysadmins in fair rotation as project managers for the test.

You also get the really big headaches, like when Clueless User #69 is the incredibly cute and hot granddaughter of the boss, or some such thing (who never does anything wrong. No. Really.)