Use of Root

[dsr at tao.merseine.nu (dsr at tao.merseine.nu)]

On Tue, Feb 01, 2005 at 08:36:58AM -0500, Kevin D. Clark wrote:
> 
> Jerry Feldman writes:
> 
> > Does the business want its programmers to spend 
> > time installing and maintaining software?
> 
> OTOH, does a business want its programmers twiddling their thumbs
> waiting for the IT staff to maintain and install software?
> 
> There could be any number of reasons for this situation:  overworked
> IT staff, the IT staff might not know how to install and maintain the
> software, the IT staff might not be familiar with the programmer's
> needs.  Etc.

Speaking from the IT side:

Policies need to fit business requirements. Typically a company
has at least three classes of users:

- normal users, who can't be trusted with root even on their own
  systems; they just make more work cleaning up after them. Some
  of these want root anyway. There needs to be a policy in place
  to prevent that, or else you get frazzled IT staff in a hurry.

- programmers and engineers who may need root for hardware
  access, certainly want a comfortable, customized environment,
  but don't want to be IT staff. Single-box sudo is often a good
  option here; so is having a responsive IT team.

- IT and quasi-IT folks (like the person who runs a testing lab,
  or a build/release engineer) may need widespread root privs,
  but should be using sudo rather than su as much as possible.

Overworked IT staff generally indicates a lack of proper tools
as well as a possible headcount problem. IT staff being unable
to install and maintain software is strongly dependent on the 
software itself; good software choices essentially eliminate
this.

Good software infrastructure, and good selection of software, is
the key to success.

-dsr-

-- 
Nothing to sig here, move along.