Trouble at the 9th layer.

Matt Shields matt-urrlRJtNKRMsHrnhXWJB8w at public.gmane.org
Sun Nov 29 11:03:12 EST 2009


On Sun, Nov 29, 2009 at 12:01 AM, Rich Braun <richb-RBmg6HWzfGThzJAekONQAQ at public.gmane.org> wrote:

> Dan Ritter <dsr-mzpnVDyJpH4k7aNtvndDlA at public.gmane.org> suggested this warning about dev root:
> >   Attempting to violate this policy once will result in a
> >   warning. A second attempt will probably be considered grounds
> >   for termination of employment.
> >
> >   If you think you need expanded privileges on any machine,
> >   please contact the sysadmin staff ...
>
> Heh.  I am the guy in charge of the dev servers where I work.  If I sent
> that
> out, the devs would instantaneously go over my head and I'd get a CTO or VP
> directive that so-and-so gets root, period, on all dev boxes (and I've even
> gotten that directive for two of the devs on all /production/ boxes).
>
> I try to bend over backwards and give the devs what they need--quickly--but
> this is a battle I have not figure out how to win, at least in a small
> company
> (IT organization of about 25-30 with 6 to 10 developers).
>
> But maybe it's a battle I should try again soon because most of the
> long-time
> hires have disappeared--a lot of this office politics depends on longevity,
> and now only one of the developers has been there longer than me.
>
> ISO 7-layer model: 8th layer = finance, 9th layer = politics.
>
> -rich
>
> _______________________________________________
> Discuss mailing list
> Discuss-mNDKBlG2WHs at public.gmane.org
> http://lists.blu.org/mailman/listinfo/discuss
>

We've been stuck in the position of having a draft of an acceptable use
policy that described everything including the previous suggestions.  But
when it comes down to it the CTO or other executives didn't feel that we
needed implement one.  When it came to dev's access, it's always been give
them whatever they want to do their job, even if that meant that they had
root access on production boxes and they caused outages because of what they
did.  Being the 3rd Ops manager to take over, I'm not happy to just stand by
and watch our dev's cause more problems than help.  First step is to
implement sudo and let them do their job while not giving them root access.
But as I mentioned, we have one guy who seems to think that he can go around
sudo by dropping to shell.

-matt
http://www.sysadminvalley.com
http://www.beantownhost.com
http://www.linkedin.com/in/mattboston
Joan Crawford<http://www.brainyquote.com/quotes/authors/j/joan_crawford.html>
- "I, Joan Crawford, I believe in the dollar. Everything I earn, I
spend."





More information about the Discuss mailing list