The Politics of Root Access
Who needs administrative privileges on a network or website? The network admin obviously does. But others ask for root access, too, whether or not they truly need it. How should an admin—or the IT manager—handle the sensitive political situation when someone asks—no, demands—admin rights for a system when he really shouldn't have them?
This is not a hypothetical situation. Recently, I lurked on a converation in a network admin's discussion group in which one network admin's plight highlighted all the issues in one fell swoop. I'm reposting the meat of the original query here, with his permission, after removing specifics which might give away the poster's identity.
"More often than not," my online buddy wrote, "I find myself in a situation where someone 'higher' than me asks for access to a system, and they feel that their request is beyond question. This person may be the project manager for a project or someone above me in the food chain, but invariably they are always shocked and appalled that I asked why they need the root/admin password to the system. And then that's when the chain of meetings start, to discuss why am I being difficult, not a team player, etc."
"I may not be universally approachable, but I've always politely and respectfully asked my questions to get an understanding of what they were looking for," he wrote. "Experience tells me that often times they think they need root access but really all they need is sudo or a certain right granted, not full blown privileges to the entire system, if they need access at all. But from where I'm sitting, their anger seems to stem from, "This peon spoke back to me; how dare he.'"
For example, at one place I worked at in a time far away, the webmaster asked for the root password to the web servers. I asked him why he needed that kind of access, and the only response I could get was, "Because I need it." Of course I said No. A few days later I'm pulled into a meeting with the head of IT, my manager and the webmaster to discuss why I'm refusing to work with the webmaster.
Users who don't know the operating system certainly shouldn't have the keys to the kingdom, but sometimes that's exactly what they demand. No admin wants to give access to a webmaster who asks, "What's a shell?" The admin doesn't want to be a pain. He just wants to do his job, which is to secure the network and keep it running correctly.
Other admins in the discussion offered what I think are a pretty good list of policies for the network admin to adopt. I'm sure these aren't the only good Rules to Live By we could come up with, but they're a good start.
But before I let you peek at the suggestions, I'd like you to think about this for a moment. Whether you're an admin yourself, a programmer (who believes she needs root access to the production website to solve a development problem), or an IT manager... what's your response to the dilemma? You're the boss, after all; how would you solve this common source of friction? Even if you aren't moved to post a response here (and really, I'd love to see your own solution), scribble down a few thoughts. What would you do?
Got that done? Really? Okay, let's take a look at the suggestions other admins made, so we can compare their
Previous Post: Teaching Kids to Program, or Don't Try to Teach 8-Year-Olds Java...Next Post: Fighting the Superstitions of Software Development: Questioning the...
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Most Discussed Posts
Cloud computing has emerged as one of the most significant game changers to hit the technology landscape in the past 20 years. With this massive expansion of the cloud, the perception of the IT organization is shifting from a utility player to a change agent. This eBook breaks down five ways progressive organizations are using cloud-based IT Management solutions to help drive innovation and become more strategic, including: adding visibility and analytics, speeding up time-to-value, lowering costs, improving prioritization, and providing a blueprint for future cloud deployments.
Read the white paper to see how IBM helped Citigroup deliver new services and enhancements to their 200 million customers faster.
There are 3 ways to modernize legacy applications: rewrite completely, acquire packaged solutions or migrate existing code. This paper explains why it's best to migrate and how IBM® Rational® software can help.
Accommodating specific lines of business can result in a hybrid ecosystem of applications and servers. The resulting complexity of this architecture makes for an environment that is costly to maintain and difficult to change when addressing new challenges.
This whitepaper will help you to define a mobile device passcode policy. Security managers must attempt to reconcile two opposing goals. They must: 1) create a passcode policy that is strong enough to protect the device if it is lost or stolen, while: 2) not annoying users with needless length or complexity.
This whitepaper, authored by The Radicati Group, looks at the key reasons organizations should consider moving to a cloud-based archiving solution. Email archiving solutions enable organizations to store, monitor, and collect electronic data exchanged by their users to comply with internal policies and regulations.
ATERNITY will showcase a 30-minute demo on how Fortune 500 companies are leveraging its award-winning FPI Platform to deliver a user-centric approach to Proactive IT Management.
For businesses to move forward and tap into the ever-expanding universe of Internet users and network-enabled devices, it's critical to learn how to make the transition to IPv6. Learn the critical steps your organization must take to make a seamless transition-and keep your business world connected.
Learn how IT teams can protect against spear phishing tactics. Harry Sverdlove, chief technology officer of Bit9 offers a frank discussion about spear phishing - the most common technique used in today's advanced attacks.
Learn how to build a solid business case for your migration to Red Hat Enterprise Linux so you can run leaner, innovate faster, be more flexible and own the New Now.
Social media isn't about you; it's about everything around you. As you consider how your customers want to communicate with you, social media is something that can't be ignored. But what should your strategy be? Is social media "just another channel?" What kind of a plan makes sense for your contact center and for your customers? Join our experts as they share their insight and research results.
Hardware tokens were a popular method of strong authentication in past years but the cumbersome provisioning and distribution tasks, high support requirements and replacement costs have limited their growth. The additional log-in steps that hardware tokens require and the resulting user frustrations have limited adoption and make them impractical for larger scale partner and customer applications.
Sponsored Links
