[nSLUG] Dealing with a superior who believes they need root

Rich budman85 at eastlink.ca
Fri Nov 3 17:23:27 AST 2006


On Wed, 2006-11-01 at 20:13 -0400, D G Teed wrote:
> This is not specific to Linux, but as it touches on best practice for
> *nix, I thought it might be an interesting discussion for the group.
> 
> This happened to a friend of mine...
> 
> Suppose your *nix savvy boss is laid off, a junior manager is
> made into your new boss, and they know Windows and
> networking and just enough Perl to be dangerous.
> 
> The new boss has root access to the DHCP/DNS server
> through legacy arrangement, and uses it to update
> host management shell and Perl scripts.  In the course
> of doing that, (a) a cron script is left in an edited and untested state,
> breaking DHCP, (b) /etc/init.d/dhcpd is edited for the sake of
> the cron (rather than making PATH set in a wrapper script),
> and (c) a dhcpd.log archive is accidentally deleted.
> 
> After the third problem, the sys admin asks the boss's boss
> if they can remove the boss with root from that level of
> access and use groups for read only access that the
> network staff need to use.  However the boss's boss
> knows little about IT - is a financial manager actually.
> 

Did you try addressing it with the new manager?
Maybe show him the problems that *suddenly* appeared (backup often).
Tell him, we had to do this and this to recover it.

Add..  We'll check if there was a security breach, not sure how these
were changed.   Let him own up to his mistakes.  Often times, they get
the hint.  

I know where you're coming from - we the admins follow the guidelines we
were told to design and implement.  Managers often think the rules don't
apply to them.  I ran into the same issue, our manager changed some
stuff before he left for vacation to the Bahamas.  Never bothered
notifying us of the changes.

Things worked fine until we had to reboot some servers.  Then all hell
broke loose - networks were down, servers wouldn't link... oh man, it
took us a few hours of tracing and then when we found it... "who the
hell changed the route lists!!!"

He got a call on the beach - he didn't think the small changes of
network masks would affect anything.  It turned out to be a small typo in an
untested script.  He never lived that one down, we had guys from NY
checking the T1 lines, it was bad.  From that day forward, he backed off
editing the systems, and let us do our job. :)
 

Good luck :)

Rich

