Young kid?
Ha: [link|http://www.javelinsoft.com/RobinSharp.jsp|http://www.javelinso...om/RobinSharp.jsp]
I think not.
As far as your take on it, you show the pure admin side.
For me, Yes and No.
Depends on the quality of developers VS the quality
of the admins VS the guarantee that EVERYONE screws
up sooner or later. So the more harm the screwup can
cause, the more checkpoints need to be in place.
I also read the full /. comments to get many viewpoints.
I share a LOT of them.
I was the developer / DBA / admin. Then we hired
more programmers, so I was the developer / admin, but
adminning for more people.
And the occasional idiot programmer made my life
hell. Since it takes 6 months to fire someone
(unless they take a crap on the boss' desk), this
mean locking down the environment.
Or shaming them. I changed one guy's home directory
to read only, and setup a symlink to his working
directory, and called it "ASSHOLE". Ahh, the good
old days when you can get away with that behaviour.
Now I'd get canned for doing something like that.
He originally was going to complain to HR but then
decided to wear it as a badge of honor. When he
documented the project, it included the instructions
for "CDing into ASSHOLE". Project manager was PISSED.
Sometimes even the really good ones make a stupid
mistake. I have a really smart guy working with
us. He's the maintainer of the Perl ADO library.
And he did the equivelant of "chown -R oracle:dba /".
Very unhappy Solaris box.
Or what about the time my boss hit the wrong key
after using the up arrow too many times, and deleted
all the Oracle data files.
Very unhappy Oracle instance.
Or the time I had setup a fibre-chanel SAN, and
mistakenly reallocated the disk that a production
server was using to a development system. Both
had access. On the development side, I did a newfs.
The production database / call center was VERY
unhappy.
So we grew a bit more, and hired an admin. He wasn't
bad, he wasn't that good, he was OK. And I still had
all the passwords, so he did not slow me down.
We grew some more, and there were a couple of turnovers
on the sysadmin side. One left for a better job, one was
insane and was fired (scary time). We also hired a DBA so
relieve my burden on that side as the databases grew.
I finally hired a really smart admin but he's a bit young
and inexperienced on the business side, and tends to
overreact when things don't go his way. I figured after
about a year of working with me, he'd mature on the business
side and then he'd own the Unix systems, along with a #2
admin.
This was the time-frame of my SAN screwup. This poor SOB
worked about 40 hours straight along with the DBA and 2
programmers to fix my mistake. Trial by fire.
We had a re-org, and the equipment / admins started reporting
to the IS director, who was a MF bigot. He ignored the Unix
Oracle side, which got pretty bad in about a year.
Which meant the young admin got no real guidance, other
than what I could provide in terms of surviving his boss.
It also meant that the developers lost root / dba access,
which was usually the right thing. Except for me, of
course. I maintained root access on 2 boxes which were
my primary systems. Certain other developers got root/dba
on certain other boxes, but it is on a case by case basis.
Our new IS directory has a much broader viewpoint, which
means we get better service, but sometime it still when we
research problems I would like full access, but I don't want
the responsibility.
I know sometimes the admins play ping pong with the developers,
such as mandating desktop Linux security fixes but then not
supporting them when the update fails. A couple of emails later,
and all of a sudden they do Linux desktop support.
I know I had a large impact on the job longevity of certain
people in my company, so I probably get better service than
most. I also don't mind being an asshole and complaining up
the chain of command very quickly.
On the other hand, my requests are rarely trivial. When
I say a certain server is slow, I include the fact the
load average is low, that free memory is high, that CPU
utlization is low, top shows almost no usage, and network
lag for other systems on the same backbone subnet is fine.
This means a real problem with the server that I can't
figure out, so I need some help NOW. As this point, the
sysadmin had better NOT dismiss the problem as a whining
user.
Bottom line: If you are a pure admin, and were never a
programmer, you probably think the guy's all wrong. If
you are a programmer, and never had to admin, you probably
think the guy's all right. If you are / were both, you
KNOW he's partially right. But his is the pure coder viewpoint,
which discounts the level of damage most semi-competent people
can do, so most people MUST be restricted. A small subset can
have more power, but it is a tough call.
Sooner or later, I will have no root passwords. And if I lose
more than 30 minutes because of this, I'll whine to my boss.
If I lose more than an hour, I'll whine to the IS director.
Another hour, I'll then email the CTO. Depending on the severity
of my problem, I just may go into the server room and reboot
the Solaris box with a CD and hack out the root password. But
since that might be a fireable offense I better have damn good
reason.