Problems with sudo
Dan Ritter
dsr-mzpnVDyJpH4k7aNtvndDlA at public.gmane.org
Mon Nov 30 14:45:24 EST 2009
On Mon, Nov 30, 2009 at 02:24:59PM -0500, Kevin D. Clark wrote:
>
> Dan Ritter writes:
> > On Mon, Nov 30, 2009 at 12:49:21PM -0500, Kevin D. Clark wrote:
> > > Dan Ritter writes:
> > >
> > > [in a hypothetical memo from senior_manager]
> > > > Root or administrative privileges are available by default for
> > > > your desktop (or laptop) systems. You must keep the existing
> > > > /etc/sudoers file intact to allow sysadmin staff to assist
> > > > you.
> > > >
> > > > No one will directly use a root or administrative privileged
> > > > account on any development or production system, except for
> > > > authorized sysadmin staff. Privileges may be granted via
> > > > 'sudo' for specific users on specific machines.
> > >
> > > OK, I'll bite.
> [...]
> > If it's your desktop machine or the moral equivalent thereof, you install
> > it yourself, preferably from the company's local repository.
>
> I agree with this. But then again, all of the machines that exist in
> my work area are either my "desktop" machines or my "development"
> machines, and, just to be really really clear, the line between a
> "desktop" machine and a "development" machine is pretty fuzzy in my
> book. I don't get hung up on trying to precisely define the lines
> here either, and all that I've ever done with desktop/development
> machines is make companies money...
Ah. It's a much cleaner demarcation over here: a desktop or laptop or such
is a machine that sits on your desk and has a nice screen or two and is
set up the way you want it. You do your email and your IM and your word
processing and expense reports and so forth on it. It doesn't matter if
it's a Mac or a tutti-frutti Linux box or what have you. We don't back it
up, and we expect that the worst that happens if the disk goes bad on it
is that you borrow a sub-optimal machine until we get you a replacement.
Development machines aren't on your desk, even if you're the only person
who ever uses it. It might be under your desk, it might be in a machine
room. It replicates some sub- or super-set of one or more production
configurations, in a way which makes sense for the projects you work
on. The object of a dev machine is to build and test software that you
keep in the version control system and eventually is committed into a
production release. Along the way, it goes to alpha, QA, and beta.
A few things fall out of this approach. You can work anywhere you have
a net connection. You pretty much can't work without one. Everyone can
telecommute, and on snow days, most people do. If you are sick but still
mentally functional, you can just work from home. The office net
connections become extremely important.
--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.
More information about the Discuss
mailing list