[BBLISA] Guidelines for giving full root access to DBAs
Paul Beltrani
spamgrinder at gmail.com
Sun Aug 20 16:01:32 EDT 2006
On 8/20/06, Sharon Nagao <sharon.nagao at gmail.com> wrote:
...
> I was informed last week by my manager that the DBAs is to have full root
> access to all Dev and Test servers in our environment. Naturally, I
> objected, but to no avail. I was unprepared to discuss the matter and hence
> every objection given was met with criticism and the DBAs responded by
...
I expect you're a professional and know what your doing as well.
Insist you have admin right to the database, just in case you need to
debug a performance issue.
In all seriousness, I work in a shop that has dozens of Linux systems
running Oracle. None of the DBAs have or need root. (See below)
> In addition, I am to log everything they do. I am thinking of using sudosh.
...
Explain to your management that you do not have the time or resources
to play big brother. If they truly have the skills to be trusted with
root, why do you have to audit all that they do? Does your management
audit every command you issue as root?
> I would appreciate it if people would share their experiences with me. In
> particular, I'd like to know what I should look out for, what worked, etc.
...
Our admins don't have root access to ANY of the servers, test or
otherwise. Frankly, they don't need it. As I mentioned above we hove
dozens, possibly a few hundred Oracle systems. (You didn't mention
what kind of database.)
We do the following.
1) We have a standard build that takes into account Oracles
requirements. These are well documented by Oracle and easy to
preconfigure. For example, there are changes to Kernel parameters,
modifications to setup raw devices, changes to some startup scripts,
creation of default accounts etc.
Again, this is all well documented and simple enough to preconfigure.
In general, these are done ONCE when the system is first built. After
that, there is little to no need to make additional changes at this
level. If the DBAs insist they need to do this often, you could
simply script it and let them fire it off via sudo.
2) There ARE a couple of scripts that need to be run as root when
first setting up a database. For these, the DBAs simply ask one of
the Sysadmins to run it for them. As these are only run at install or
reinstall it doesn't happen often. It also doesn't take much time. I
would rather handle a five minute interrupt every now and then than
deal with the inevitiable cleanup of handing out root to those who
don't need it.
If they make the argument they need root for these scripts you can
simply setup sudo to run them. (There are fewer than 5). Sure they
can break out of sudo if you're not picky about how you set it up.
However that would be clearly crossing a boundary on their part and
would, I hope, result in some action by your management.
It really is as simple as the above two items. Root just isn't required by the
DBAs.
- Paul Beltrani
More information about the bblisa
mailing list