Semi-operators using Root access all the time ?


 
Thread Tools Search this Thread
Operating Systems AIX Semi-operators using Root access all the time ?
# 1  
Old 03-11-2009
PHP Semi-operators using Root access all the time ?

I am just curious about your opinion on something which I am against.

I work at the client location. Our office is very small (4 employees + 1 teamlead where 1 employee per 12hrs shifts) and we are responsible to process the reception of external files into the client's database via some tools. We work directly on the client's system. I would not call us operators as we really do not do operator work. We simply execute a few script to process those files, start a batch update process, do backups, do tapes shipping/receiving and a few reports. The criteria to be hired here is very little knowledge about Unix. In fact, you could be hired with no knowledge at all as all we do is day to day tasks listed in a checklist and binders.

But the thing is, the way it was set up here, is that all of us logon on to the system and then 80% of the time, switch to root to do our work. I find this very dangerous as you could very easily mess up the system. I am not an admin but I could be considered as the one with the most experience here and the one who is thinking more about security, bullet proofing and so on. The majority of the script written here were made by someone who has no knowledge about programming (just stuck a few commands in scripts to do the work without any validations at all and assuming everything will always work in the perfect conditions). I had done scripts in the past and I would not even call them scripts.

Following an initiative of mine, I have been given the responsability to automate/improve all of what we use. In my mind, I am thinking more about bullet proofing, reducing time and human errors. There are so many places where human errors can be very easily done and have happened too. The fact that we almost always use root access does not help at all.

So I am thinking of getting rid of root access and simply giving permissions to employee's id to do the work. As almost every scripts have been coded to assume root access is being used, some of the system access and DB will probably have to be looked at to see if permissions can be changed too.

What do you think ? Am I right in wanting to get rid of root access ?
# 2  
Old 03-12-2009
Quote:
Originally Posted by Browser_ice
What do you think ? Am I right in wanting to get rid of root access ?
Smilie
Absolutely. Anyone who uses root should have the skills required to recover from any error committed as root. This includes rebuilding the system from scratch. You seem to have no system administrator at all. That's like being in a plane with no pilot and everyone has access to the cockpit.
# 3  
Old 03-12-2009
Quote:
Originally Posted by Browser_ice
What do you think ? Am I right in wanting to get rid of root access ?
Yes, as soon as possible! Someone who knows nothing of the risks of working as root shouldn't be allowed to do so. As a side question: Can they be held accountable if, by accident, they issue an rm -rf / ?(Do not execute this command. Never. Don't even think about it!) If not, get them off root access even sooner then possible.
# 4  
Old 03-12-2009
Yep, good idea. Best implement all scripts into sudo so they can just start them with/from their account and dont have to su. Basically remove root access of course for all but one other just in case you get ill/have holidays or something.

Maybe also implement some checks to those scripts for errornous input or something (getopts, case, ...).
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Ubuntu

Root access that can't change root password?

We are having a little problem on a server. We want that some users should be able to do e.g. sudo and become root, but with the restriction that the user can't change root password. That is, a guarantee that we still can login to that server and become root no matter of what the other users will... (2 Replies)
Discussion started by: 244an
2 Replies

2. SuSE

Auditors want more security with root to root access via ssh keys

I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner: 1) Remote root access is turned off in the sshd_config file. 2) I am the only user of this admin... (6 Replies)
Discussion started by: dvbell
6 Replies

3. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

4. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

5. AIX

root access

Hello I have a question. I have a box with Aix 5.3 but I want to disable root access direct from any terminal or console. I mean If I want to login to 10.10.10.10 login:root password ********* Root access is not permited Which file I have to edit. to the users first login with... (4 Replies)
Discussion started by: lo-lp-kl
4 Replies

6. HP-UX

Creating a "semi" root user? Is it possible?

Hello All, I work as a system admin at a company of about 600 users on a HP-UX server. We have an IT department of about 15. My problem is that we give out the root password to the majority of them, they are phone support techs, as they need to get in to kill processes and setup users and... (4 Replies)
Discussion started by: Setan
4 Replies

7. Shell Programming and Scripting

To What files root does not have access to??

Hi, I just wanted to know to what files root does not have access, not even read....I read that .profile for any user is the only file which root cannot access is it true..??...If we have to use passwords and ID's in a script can we use them in .profile and call them as parameters..??? ... (3 Replies)
Discussion started by: mgirinath
3 Replies

8. UNIX for Dummies Questions & Answers

To What files root does not have access to??

Hi, I just wanted to know to what files root does not have access, not even read....I read that .profile for any user is the only file which root cannot access is it true..??...If we have to use passwords and ID's in a script can we use them in .profile and call them as parameters..??? ... (2 Replies)
Discussion started by: mgirinath
2 Replies

9. SCO

root access

We have SCO 5.0.5 and can't log into system as "root". The system indicates the password is incorrect. No one knows what happened. How can we resolve this issue.. Are there files we can restore from backup...? Any suggestions would be appreciated. Thank you.. (2 Replies)
Discussion started by: RBurer
2 Replies

10. Linux

how to access root priveliges if root password is lost

wish to know how to access root password it root password is forgotten in linux (1 Reply)
Discussion started by: wojtyla
1 Replies
Login or Register to Ask a Question