Re: Search machine is ready

On 14/2/06 22:17, "Joshua D. Drake" <jd(at)commandprompt(dot)com> wrote:

> Are you saying that Command Prompt is not a part of the community? Or
> myself for that matter?

Of course not. I'm saying that I consider the term community to mean more
than 1 entity within our collective group.

> 1. This is the way that Command Prompt, Inc. does hosting for all people
> that it hosts. Nobody gets root access.

But you say below you are not a hosting company?!?!

> 2. You still haven't provided a single reason why you "need" root access.

Yes I did. Not the best admittedly, but all valid reasons.

>> as the people who ultimately have to make sure these things work we do not
>> feel that having to rely on (for example) a level 1 support tech in the
>> middle of the night who has no idea what our server does or how it works is
>> in any way a good thing.
>
> What level 1 support tech would this be? I don't have any level 1
> support techs. Remember, we are not a hosting company.

OK, whoever gets the pleasure of answering the phone at 3AM your time and
being told to fix X, Y & Z now because someone has found a way to spam
through some bit of sofwatre previously thought to be secure.

>>
>> This is a dedicated server for the PostgreSQL project, that you offered to
>> us knowing full well we were expecting full root access to.
>
> Well no. I didn't expect that you would need root access because I have
> 50 dedicated machines at the facility none of which need root access.

http://archives.postgresql.org/pgsql-www/2006-01/msg00119.php

> I am not trying to be difficult here but all I see is, "Well we like to
> do things as root and since this is only a community machine you should
> let us."
>
> I on the other hand am trying to bring a certain level of stability and
> quality to the infrastructure. That requires a level of discipline which
> means we use things like sudo, acls and group rights. We don't use root.

>> Why is it such a
>> bad thing to provide exactly that?
>
> Dave, come on. You are smarter then that. System Administrator 101 says
> you don't use root unless you have too. You don't give root to those who
> don't need it.

No, we don't. However we do give root to enough trusted individuals with
intimate knowledge of the system to ensure it can fulfill al the tasks it is
required to at all times.

> I refer to #2 above. Nobody has given me one task that you would need to
> require root on this machine.

OK, example: major disaster on another box- we temporarily need to move
another site over which requires an addition PHP option be enabled. That has
happened in a situation when we needed to do the job immediately or face
being slashdotted on release day.

> You will need to configure apache... I will make sure you can do so via
> included confs.
>
> You will need to configure Aspseek... You will be able to do so.
>
> You will need to be able to stop/start postgresql. You will be able to
> do so via sudo.
>
> You will need to be able stop/start apache... You will be able to do so
> via sudo.
>
> You will need to be able to add users... I can give you sudo rights to
> do that (although that scares me a bit).

All fine, as long as we know in advance every little thing we might need to
do which seems highly unlikely.

> You want to be able to upgrade software? That should be done via
> scheduled times with a plan in place in case there is an issue and if
> part of the core OS (postgresql/httpd) should be done via apt-get if at
> all possible.

Which is rarely flexible enough based on past experience of various *nixes.

I still don't see why this is a problem given that this is a dedicated
machine, unless you're scared that we will break it because we don't know
what we're doing (human error not being a factor as your people are no more
safe from that than we are).

Regards, Dave.