Slashdot Mirror
A Sysadmin for Sysadmins?
crazyharry asks: "I have recently been hired to be a system administrator to a bunch of system administrators. Aside from my personal experience, which is probably biased, I would like to know from the disproportionately large number of IT people here: if you, as a system administrator, were forced to have a system administrator, what would you expect of that role? How would you want your business machines (not the ones you admin, but your daily use machines) managed, if they were not up to this point? This is a mixed environment (Windows, Mac, and Linux/Unix), so feel free to assume I've already heard the 'leave me the FSCK alone' comments. What other issues are probably going to crop up, if you have been in a similar situation?"
in my experience, there are 2 completely differnt types of sys admins:
/. you are more the "people first type"
- ones who think computers are their clients
- ones who think people are their clients
both have their plusses and minuses. it seems that some people fit one camp - other people fit into the other camp, and they don't easily change. personally I prefer the sys admins who focus on the people first, and get the computers to meet their needs. I'd make sure in your case you know the expectations of the people who you work for and work with and see if you fit their expectations.
I would guess from your post, and the fact you wanted input from a large group of people on
Good luck!
....than how your sysadmins would run their network.
.exe file attachments, which is good for you.
You keep it open enough for them to do their job, and not much else, provide the proper storage and network services that they require, and that's about it. What I see as the main difference is that your users aren't dumb enough to open
Expect a lot of griping from your sysadmins, mainly involving filtering out Quake server traffic, if it comes to that. You have a job to do, so just do it.
You're in for a tough job. This is bound to be even worse than managing a group of programmers.
Proverbs 21:19
Also, don't be afraid to impose restrictions on the other administrators. Communicate clearly why these restrictions are required, and where possible, allow the administrators to make their case as to why they need the restrictions listed. Listen to their arguments, and alter your guidelines if needed.
If you have time and money, play with the budget you have at your disposal to make life easier for yourself and your charges.
Don't enforce; Provide.
This seems to be the opposite of what other people say, but as a sysadmin who has a sysadmin I can say I like mine because I never have to apply my sysadmin-ing to our internal computers. I don't expect to be given Special Powers just because I've got root somewhere else, but I expect the same quality of service I deliver to our external clients (well, OK, I expect better than that).
I'm not root on our local Linux boxes; I'm not a domain admin on our local Windows domain (though I think I'm a schema admin for some reason) -- I don't want to be. I want the local resources I need to connect out and do my work, and I don't want to have to think about them.
YMMV.
All's true that is mistrusted
Two thing thats piss me off the most usually is limitations on my access, or annoying security measures, both of which I look at similarly because they are different sides of the same coin often. I host a website on a host where I don't have root access. They are supposed to be good, and a place geeks like to host, and for the most part they are. But having no root access can be annoying. For example, the machine load average was very high for some weeks. It would shoot up to something like 10 or 20 times the number of processors for an hour and then go back to normal. My e-mails to the techs didn't do anything for some weeks. My ps only let me see my own processes, I couldn't see what processes were hogging the machine. The first time they checked, the spike hadn't happened, so they had no idea what was wrong. So they were slow to do anything about it, I had the ability to better diagnose what was wrong. Eventually I ran a script that did an uptime every minute and wrote it to a file. But after two days they killed that - that's another thing, they killed a script that I was running. Although if it was an attempt to find this rogue process, I didn't care as much. Anyhow, eventually they fixed the problem.
Another thing that happened with these hosters, which again is related to me not being able to see system processes with ps - one day my password protection for directories (htaccess) died. I had to recreate everything with their automatic system in terms of the htaccess and htpasswd files. I couldn't see what user was running our Apache web server processes, I just had no idea why it broke.
Once I worked at a company where you needed SecureID to log into their machine for customers, among other security provisions. I thought it was rather silly - I only read mail from the machine, and not much else, why do I need a SecureID card to do that? Wasn't ssh enough? Did I have to carry around a SecureID card just to access this one machine and my e-mail which I read with pine? Again, a mixture of limited access and what I felt was unnecessary security is what pissed me off. Our company had a lot of smart programmers and sysadmins, I'm sure anyone motivated enough to hack in could get in and get root despite the SecureIDs. It sort of reminds me of the World Trade Center. The security to get in was ridiculous after the first bombing. But they hadn't walked into, but drove into the building the first time, so why was taking my picture and other silly measures necessary? It did little for them as they eventually got flown into, which destroyed the buildings. As I said, once something becomes a target for somebody motivated enough, there is little you can do.