Slashdot Mirror
Common Traits of the Veteran Unix Admin
snydeq writes "Deep End's Paul Venezia offers a field guide to understanding your resident Unix veteran, laying out the nine traits common to this grizzled, hardcore set. From not using sudo, to wielding regular expressions like weapons, to generally assuming the problem resides with whomever is asking the question, each trait is key to 'spotting these rare, beautiful creatures in the wild,' Venezia writes. 'If some of these traits seem anti-social or difficult to understand from a lay perspective, that's because they are. Where others may see intractable, overly difficult methods, we see enlightenment, borne from years of learning, experience, and overall, logic.'"
vim? svelt? Puhleez. When not using ed(1), Real Unix vets use Bostic's One True vi, not some fagged-up Vegas showplace of an editor like vim.
I'm actually rather impressed that this site still works in Lynx, what with all its new-fangled ajax hoohaa.
Really? When your job is entirely about being root, sudo is just getting in the way. I happen to have run systems in a serious environment, and we never used sudo. I would say if you have something to do that ISN'T root, you sir are teh nub.
You're both wrong, I'm right.
Not stupid at all. This guy is into root cause analysis as a process of understanding faults and finding lasting solutions. (See reference to "bandaids".) Covers up your tracks until the next crash. A fully functioning fault-free system working as designed should not require a reboot except for the cases outlined. Unless unix systems aren't as reliable as people like to assume...
Real sysadmins know when things get in odd states and can restart those things without rebooting.
Of course reboot tests are required to make sure the box will come back up correctly but those are to reset things, they are part of system testing.
Really. I consider it a sign of inexperience and an indicator that the admin has never had to clean up after someone else screwed something up as root. That may be the case if you are super meticulous and you've been the only admin everywhere you've been, but no serious environment only has one root level admin and I have yet to meet anyone who was really good and super meticulous all the time.
I'm doing sysadmin, maybe one out of 20 commands I type *have* to be run with root access. If I am doing them all as root then there is a much greater chance of making a mistake and committing that system destroying action or, even worse, doing something subtly bad that nobody knows about until later when it's too late. It also makes me think twice (instead of just once) before executing that command as sudo.
Sudo logs commands that were run, by whom, and when. Even if I didn't care about whether I was root all the time or not, having a log of what was done with that access can be an indispensable tool when doing system troubleshooting. It's also a handy way of telling if someone screwed something up or if j00 wuz pwndz.
To me, running around as root and not using sudo is like using vi to look at a config file you have no intention of editing or similar. It's too easy to slip up and do something wrong once you get "in the groove". Add a page at 4am to that or a situation where you're at the tail end of a 30 hour emergency maint and it's beyond easy to screw things up.
Uh, sudo isn't a tool, its a wrapper to audit trail your ass and limit what you can run. The only reason to have it apply to admins is to watch them. Otherwise it just gets in the way. Its not like it adds something to the experience for anyone. It doesn't keep you from making a mistake, it just keeps you from running commands that someone else has decided that you don't need access to. That's like saying that locking away guns prevents you from shooting yourself in the foot. Its does... unless you are in the Army and your job is to tote the thing around on patrol for days at a time. There are simply some times in life where you have to know how not to shoot yourself in the foot.
The only place I ever had it applied to me was when I worked in the financial services industry, and I understood their position. Even then, the sudoers file was so badly conceived that, had we wanted to, it would have been a simple matter to get a root shell. Its difficult to keep out the very people that you need to keep the system running. I'd argue that it is generally not even worth trying it at all unless a very unforgiving regulatory commission is breathing down your neck.
If you don't know how to use root access in a way that doesn't screw up your box, you don't deserve to have a job as an admin, period. Its not like its easy to bumble around on a command line and screw something up. There's really only one really easy thing to do that will potentially demolish a box and that's rm -rf * in the wrong directory and it is a rare sudoers file indeed that prevents a sysadmin from running 'rm'. You could argue a reboot or shutdown on a box with something like a database might be a problem as well, but after that, you actually need to put some effort in screwing up your host with the other commands. Even format/fdisk requires you to think about how you are going to reformat your disk.
I use sudo a lot... to make sure developers can't screw up boxes and do cute little tests in production. But my rule of thumb as an admin is that sudo is something that is inflicted on someone else.
vim? svelt? Puhleez. When not using ed(1), Real Unix vets use Bostic's One True vi, not some fagged-up Vegas showplace of an editor like vim.
That's like saying Real Unix vets still use telnet and rsh to remotely administer machines. Sometimes it's nice to be able to move up and down lines without having to leave edit/write mode. vim is used by Real Unix vets who have kept up with the times, just like ssh. Only washed up has-beens don't learn to eventually use better tools.
I have to go with the GP on this one. It's not that vim is inherently bad, it's just that it's *unnecessary*. It includes tons of features that an old-school admin has no use for. Sure, most of us use it anyway because modern Linux systems usually don't include our good friend vi (it's usually just a symlink to vim), but we rarely use the features that separate vim from vi. Moving in and out of edit mode is second nature. Hell, even using the arrow keys to move around is a needlessly inefficient waste of motion, since the arrow keys are usually far from any other useful key on the keyboard. The first thing we do in vim is turn off syntax highlighting and silently curse whoever keeps turning it back on.
The comparison to ssh is inaccurate as well. We use ssh because ssh gives us clear security advantages over telnet and rsh, and allows us to use one tool where we previously needed two. Any Unix admin worth his salt, no matter how long and luxurious his neck beard, will gladly upgrade his tools to improve his own efficiency or increase security. SSH does both of those things, while vim does neither.
On a server, what could I possible need to do that doesn't require root?
"Man, if you gotta ask, you ain't never gonna know!"
For my file server 159 out of the last 500 commands featured sudo in them. On my database server, the number is 199.
On one of my main application servers, the user account for the service itself isn't even in /etc/sudoers. All of the maintenance and administrative tasks are done without resorting to extra permissions.
Crumb's Corollary: Never bring a knife to a bun fight.