Common Traits of the Veteran Unix Admin 592
snydeq writes "Deep End's Paul Venezia offers a field guide to understanding your resident Unix veteran, laying out the nine traits common to this grizzled, hardcore set. From not using sudo, to wielding regular expressions like weapons, to generally assuming the problem resides with whomever is asking the question, each trait is key to 'spotting these rare, beautiful creatures in the wild,' Venezia writes. 'If some of these traits seem anti-social or difficult to understand from a lay perspective, that's because they are. Where others may see intractable, overly difficult methods, we see enlightenment, borne from years of learning, experience, and overall, logic.'"
vim? really? (Score:5, Insightful)
vim? svelt? Puhleez. When not using ed(1), Real Unix vets use Bostic's One True vi, not some fagged-up Vegas showplace of an editor like vim.
Hmmm (Score:3, Insightful)
Lemme just email this to all my friends with the subject line "If you know someone like this pass it on LOL"
Re:We don't use sudo? (Score:1, Insightful)
Using sudo exclusively is like bowling with only the inflatable bumpers in the gutters -- it's safer, but also causes you to not think through your actions fully.
That is just stupid. System destroying actions are system destroying actions. Sudo or su or runlevel 1, if you are not thinking out your actions, you have no business executing that action. Both commands can get you into the same trouble.
Re:Common Traits of the Veteran Unix Admin #10 (Score:4, Insightful)
I'm actually rather impressed that this site still works in Lynx, what with all its new-fangled ajax hoohaa.
Re:We don't use sudo? (Score:5, Insightful)
Really? When your job is entirely about being root, sudo is just getting in the way. I happen to have run systems in a serious environment, and we never used sudo. I would say if you have something to do that ISN'T root, you sir are teh nub.
Re:We don't use sudo? (Score:5, Insightful)
You're both wrong, I'm right.
Stupid (Score:3, Insightful)
Unless unix veteran is a code word for idiot of course.
Take #9: "Our thinking here is there's no reason why a reboot should ever be necessary other than kernel or hardware changes, and a reboot is simply another temporary approach to fixing the problem.". When a run away program fills the disk or sets off the OOM killer then after fixing the problem itself rebooting is the obviously wise thing to do - who knows what random proceess got put in a bad state by the resource exhaustion best reboot and get everything into a known good state.
And of course have fun when the machine does need to be rebooted for a "kernel of hardware change" and some vital service doesn't restart because no one checked that the damn init script was enabled.
but you ARE mucking around as root (Score:2, Insightful)
You just prefix each command with "sudo". It becomes a reflex. You've essentially turned your regular account into a root account. You no longer really have a regular account.
That "#" prompt was invented for a reason: it provides a reminder. While you certainly could be oblivious to such a reminder, that is less a risk than always being one thinko away from doing root actions while feeling all safe and usery.
Better is a separate login window, keyboard, seat, font, color scheme, desktop, etc.
Re:RegEx? (Score:3, Insightful)
Beware, Cthulu awaits [stackoverflow.com].
Re:Stupid (Score:5, Insightful)
Re:We don't use sudo? (Score:3, Insightful)
The article certainly isn't suggesting that one should surf the web or IRC as root...
The popular Linux community is so tied up in what Canonical has deemed "best practice" that it no longer trusts itself with the level of control it brags to Windowsland about having.
Re:Stupid (Score:5, Insightful)
Real sysadmins know when things get in odd states and can restart those things without rebooting.
Of course reboot tests are required to make sure the box will come back up correctly but those are to reset things, they are part of system testing.
Re:We don't use sudo? (Score:5, Insightful)
I'm doing sysadmin, maybe one out of 20 commands I type *have* to be run with root access. If I am doing them all as root then there is a much greater chance of making a mistake and committing that system destroying action or, even worse, doing something subtly bad that nobody knows about until later when it's too late. It also makes me think twice (instead of just once) before executing that command as sudo.
Sudo logs commands that were run, by whom, and when. Even if I didn't care about whether I was root all the time or not, having a log of what was done with that access can be an indispensable tool when doing system troubleshooting. It's also a handy way of telling if someone screwed something up or if j00 wuz pwndz.
To me, running around as root and not using sudo is like using vi to look at a config file you have no intention of editing or similar. It's too easy to slip up and do something wrong once you get "in the groove". Add a page at 4am to that or a situation where you're at the tail end of a 30 hour emergency maint and it's beyond easy to screw things up.
Re:We don't use sudo? (Score:5, Insightful)
Uh, sudo isn't a tool, its a wrapper to audit trail your ass and limit what you can run. The only reason to have it apply to admins is to watch them. Otherwise it just gets in the way. Its not like it adds something to the experience for anyone. It doesn't keep you from making a mistake, it just keeps you from running commands that someone else has decided that you don't need access to. That's like saying that locking away guns prevents you from shooting yourself in the foot. Its does... unless you are in the Army and your job is to tote the thing around on patrol for days at a time. There are simply some times in life where you have to know how not to shoot yourself in the foot.
The only place I ever had it applied to me was when I worked in the financial services industry, and I understood their position. Even then, the sudoers file was so badly conceived that, had we wanted to, it would have been a simple matter to get a root shell. Its difficult to keep out the very people that you need to keep the system running. I'd argue that it is generally not even worth trying it at all unless a very unforgiving regulatory commission is breathing down your neck.
If you don't know how to use root access in a way that doesn't screw up your box, you don't deserve to have a job as an admin, period. Its not like its easy to bumble around on a command line and screw something up. There's really only one really easy thing to do that will potentially demolish a box and that's rm -rf * in the wrong directory and it is a rare sudoers file indeed that prevents a sysadmin from running 'rm'. You could argue a reboot or shutdown on a box with something like a database might be a problem as well, but after that, you actually need to put some effort in screwing up your host with the other commands. Even format/fdisk requires you to think about how you are going to reformat your disk.
I use sudo a lot... to make sure developers can't screw up boxes and do cute little tests in production. But my rule of thumb as an admin is that sudo is something that is inflicted on someone else.
Re:Common Traits of the Veteran Unix Admin #10 (Score:4, Insightful)
Re:vim? really? (Score:5, Insightful)
vim? svelt? Puhleez. When not using ed(1), Real Unix vets use Bostic's One True vi, not some fagged-up Vegas showplace of an editor like vim.
That's like saying Real Unix vets still use telnet and rsh to remotely administer machines. Sometimes it's nice to be able to move up and down lines without having to leave edit/write mode. vim is used by Real Unix vets who have kept up with the times, just like ssh. Only washed up has-beens don't learn to eventually use better tools.
Re:Veteran Unix Admin? More like wanna-be (Score:4, Insightful)
True. I will reboot a host without a second thought if a specific type of issue comes up. Root cause analysis is great, but when you're in production, the host really needs to be running. You can figure out the RCA from the logs later on, if need be.
However, most issues with a box can easily, and much more quickly, be fixed by simply restarting specific processes. I've had plenty of hosts stay up for years at a time with nothing else needed but to occasionally restart some processes. And that is the way it should be. Rebooting isn't some magical maintenance cycle where the oil gets changed and the hamsters are replaced, its just a wipe of the RAM and reload of the OS to an initial state. It doesn't fix hardware errors, bad code or poor planning.
Unfortunately, most of the time, the order comes from someone who doesn't know what they are doing. In that case, as long as it doesn't make things worse, if it takes longer to convince them to not reboot the host than it does to actually reboot it, you might as well go, "Right away, sir." and get it over with.
Re:vim? really? (Score:5, Insightful)
The comparison to ssh is inaccurate as well. We use ssh because ssh gives us clear security advantages over telnet and rsh, and allows us to use one tool where we previously needed two. Any Unix admin worth his salt, no matter how long and luxurious his neck beard, will gladly upgrade his tools to improve his own efficiency or increase security. SSH does both of those things, while vim does neither.
Re:Common Traits of the Veteran Unix Admin #10 (Score:4, Insightful)
With the audience of this site, it wouldn't surprise me if Lynx is a test case when the design is modified.
Lynx is my 'What does this look like to Google?' browser.
Every time someone claims not to care about whether blind people can access their site, I remind them that search engine crawlers are blind.
Re:We don't use sudo? (Score:5, Insightful)
On a server, what could I possible need to do that doesn't require root?
"Man, if you gotta ask, you ain't never gonna know!"
For my file server 159 out of the last 500 commands featured sudo in them. On my database server, the number is 199.
On one of my main application servers, the user account for the service itself isn't even in /etc/sudoers. All of the maintenance and administrative tasks are done without resorting to extra permissions.
Re:We don't use sudo? (Score:3, Insightful)
Ok, logging into to a database is *not* being a Unix/Linux Admin, it is managing a database.
Listen. The people who log in to make changes to the database, and update the website(sorry, application server), are *USERS*, even if some of them are in sudoers, they are not the Admin (who put them in sudoers).
Re:Common Traits of the Veteran Unix Admin #10 (Score:4, Insightful)
Actually, correction:
10. Veteran Unix admins don't "write articles for InfoWorld".
Re:We don't use sudo? (Score:4, Insightful)
Yes. This is why you disable all those backdoors and only specify particular commands that can be run in /etc/sudoers, with others either denied, or lighting up your IDS/system monitoring like a Christmas tree.
(This also serves as a handy reminder that properly securing systems is *extremely difficult*.)
Re:vim? really? (Score:4, Insightful)
The first thing we do in vim is turn off syntax highlighting and silently curse whoever keeps turning it back on
I second the other poster's WTF here. It's one thing not to rely on the advanced features of vim - after all, the Single UNIX Spec only mandates vi, so it's the only thing you can guarantee being available, but it seems crazy to not take advantage of them when they are available. Do you also turn of auto-indenting and multi-level undo so that you can spend more time typing and less time actually being productive?