Chris Davies schrieb: > Berthold Cogel <[email protected]> wrote: >> [...] we don't want them do be root for some reasons. > >> Surely they can break the setup if they want. But they gain nothing if >> they do. > > Your two statements seem to be mutually exclusive...? > > Somewhat puzzled, > Chris > >
It's a grown setup with a lot of small web projects running parallel! Each with it's own user/group. So if you're not root, you run into limitations if you have to manage this setup. For example the number of groups of which you can be a member is limited. You can handle a lot of things with extended ACLs and stuff like this. But not all. Now imagine that the users who create the webpages for these projects are very capable when it comes to shoot themselves in the feet. And you will have to fix all of this. And fast because it's always urgent. This is what our webmasters do. They need a lot of permissions but we don't want them to be root. And they don't want to be root either because of the responsibility. So we give them the means to do their work with as much 'protection' as possible and a minimum of annoyance. So if they need to bring an interface up, they can. If they have to reboot a system because of stuck processes, they can. But we want to see it in the logs. It's a grown setup... Now I would choose other methods, but it's not worth the effort to change things at the moment. Berthold -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
