Reposted from: alt.sysadmin.recovery Subj: news_082302Z30121994-anon_penet.fi
What do you do when your co-worker is an idiot? One of mine is a lot like a cross between Frank Burns and Ted Baxter and it's driving me crazy!

For the past four months or so, we've been moving a database system from a standalone machine to one that's connected to the Internet. Most of my work involves administering the other machines on our network while another administrator, we'll call him Leon (because that's his name), runs the database machine. Since the old database machine is a stand-alone and virtually all of its users know next to nothing about Unix, he's gotten away with running the machine like a PC (massive amounts of world-writeable files, setuid shell scripts, jumbled code everywhere, etc.). This is no longer acceptable (not that it ever really was...at one point, someone deleted 'ls'. When he finally figured out what was wrong (it didn't occur to him to use 'echo *') he was surprised).

I've done my best to try to make him understand and be more careful to no avail. I'm at my wits' end. Within the past month alone, he's:

* moved the entire database development directory structure somewhere else (he thought he'd deleted it and hadn't made a single backup in the entire four months)
* left a world-readable file containing encrypted passwords for every user on the network lying around
* didn't have permission to do something so he did a 'find' on a directory and created 2,308 suid files and directories, (including shell-scripts) many of them world-writeable, and left it that way.

ARGGGHHHH!!!!

When a puppy makes a mess in the house, you rub its nose in it till it learns better. When a child makes a mess, you explain why what he did was wrong and make him clean it up. None of these strategies seem to work with Leon, and I can't (unfortunately) just kick him out.

I've come to the conclusion that desperate circumstances require desperate measures, so, this is what I plan to do:

* log (virtually) everything to both a file (so I can swatch it) and a printer (to make it hard to edit and so I know what was going on before the filesystem that contains the logs crashes)
* continuously run (niced appropriately) a "leon daemon" (basically a modified COPS) in an attempt to catch future indiscretions quickly
* use tcp_wrappers to severely limit access to that machine from the outside world
* disable root logins so that anything done as root must go through 'su', at least, and preferably 'sudo'

I realize that there isn't a foolproof way to protect a system from a dangerous root user, but other suggestions, ideas, similar stories, moral support, etc. would be greatly appreciated.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
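
The periodic check that the post above calls a "leon daemon" can be sketched as follows. This is an added example, not part of the original posting and not COPS itself; the function names, class labels and the idea of a saved baseline file are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): a permission audit in the
# spirit of the "leon daemon". Function names and class labels are this
# example's own. Paths containing newlines are not handled.

# audit_tree DIR: print one "CLASS path" line per finding, sorted.
audit_tree() {
    dir=$1
    {
        # Setuid/setgid and world-writable: anyone can rewrite privileged code.
        find "$dir" -xdev \( -perm -4000 -o -perm -2000 \) -perm -0002 \
            -print | sed 's/^/SUID-WW /'
        # Setuid/setgid regular files that start with "#!" (shell scripts etc.).
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec sh -c 'for f; do
                if [ "$(head -c 2 "$f" 2>/dev/null)" = "#!" ]; then
                    printf "SUID-SCRIPT %s\n" "$f"
                fi
            done' sh {} +
        # Every setuid/setgid file or directory, so the baseline covers them.
        find "$dir" -xdev \( -perm -4000 -o -perm -2000 \) \
            -print | sed 's/^/SUID /'
        # World-writable regular files that are not setuid/setgid.
        find "$dir" -xdev -type f -perm -0002 \
            ! -perm -4000 ! -perm -2000 -print | sed 's/^/WW /'
    } | LC_ALL=C sort
}

# new_findings BASELINE DIR: print findings in DIR that are absent from
# BASELINE (a saved audit_tree run). Returns 1 if anything new appeared.
new_findings() {
    baseline=$1 dir=$2
    current=$(mktemp) || return 2
    audit_tree "$dir" > "$current"
    new=$(LC_ALL=C comm -13 "$baseline" "$current")
    rm -f "$current"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}
```
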
Reposted from: alt.sysadmin.recovery Subj: news_Pine_SUN_3_91_941231183049.4504A-100000-wabash_iac_net
SUPPORT IS HELL: The Torture Never Stops

"Oh, yes, we're working on that right now, sir!"
(You're $%#* out of luck, buddy!)

"Support is hell, Jeff. I don't know what to do."
"Try some M&Ms."

Chapter 2: The 9 Types of Supporters

1: THE NEW KID: "Do you have a dog? ... My name? I'll have to get back to you on that."
   ADVANTAGE: Can be used as backup often.
   DISADVANTAGE: Is incapable of remembering anything even if told four or five times.

2: EAGER BEAVER: "Sure, I can write an emulation program by this afternoon ... one of those new boxes? I'd sure like to get my fingers into one. I think I know where there's one just down the hall ... "
   ADVANTAGE: Works hard.
   DISADVANTAGE: Makes a lot of work for everyone else.

3: THE KNOW-IT-ALL: "Well, I could tell you how to do that ... but I think I could recommend a better approach ... "
   ADVANTAGE: Closes lots of calls.
   DISADVANTAGE: If he doesn't know the answer he makes one up.

4: THE PSYCHO: "READ MY LIPS, YOU BOZO! Are you STUPID or something?! YOU CAN'T DO THAT!"
   ADVANTAGE: Scares customers away.
   DISADVANTAGE: His hobby is collecting guns and you can't sleep at night.

5: THE ASPIRING HACKER: RING taptaptaptap RING RING taptaptaptap RING RING RING taptaptaptap RING RING RING RING "Will someone get the phone?" taptaptaptap
   ADVANTAGE: Answers questions about OS schedulers and internals of IO drivers.
   DISADVANTAGE: Works on everything but what he's supposed to do.

6: THE COUNSELOR: "Oh my. Oh dear. Uh huh ... yes ... and then what happened? ... yes, I have plenty of time ... oh, no, no problem, that's my job ... "
   ADVANTAGE: Soothes angry customers.
   DISADVANTAGE: Capable of instant Jekyll-&-Hyde transformation into psycho.

7: THE INTIMIDATOR: "Why did you do THAT?! Haven't you had any TRAINING?! Don't you know Section 5.1.2.1.1 of the IEEE spec?!"
   ADVANTAGE: Customers don't return call.
   DISADVANTAGE: May become your boss.

8: THE VET: "Oh! That's there for backward compatibility. They added it in rev 2.00.03 but they didn't document it."
   ADVANTAGE: Solves the most obscure problems casually.
   DISADVANTAGE: Prone to long, tedious, rambling flashbacks.

9: THE CRISPY CRITTER: "I don't know. I don't care. Your problem, that says it all, I have my own to take care of. Why are you using this product, anyway?"
   ADVANTAGE: He's still working.
   DISADVANTAGE: He's yourself three years from now.

--
Amy L. Ward
Customer Service Engineer
American Computer Solutions
othello@iac.net

"Madam, there's no such thing as a tough child -- if you parboil them first for seven hours, they always come out tender." -- W.C. Fields
Jesper Nilsson // dat92jni@ludat.lth.se or jesper@df.lth.se