Re: Sysadmins

[Emmanuel Colbus]

Leonardo Lopes Pereira wrote:
> After a quick discuss with marco_g on IRC, i started to thing about Why we 
> need 
> a sysadmin. And I realize that only small options on the system need the 
> admin 
> interference. I saw that many people here are very fanatic about security, 
> but 
> what about a system with a admin that put backdoors on programs?
> 
> So, if we will design a system where people can fell secure, we need to 
> create 
> a system where the admin has less power as possible.
> 
> In my opinion, the admin is a user that will be able ONLY to configure some 
> parts of the system that cannot be configured by a user. All other things 
> that 
> the admin needs to do, like run a server, will be done by a common user with 
> no 
> more power than other users.
> 
> To install programs we can create a mechanism that every user can install 
> programs that will be avaliable to every users. but all programs would be 
> signed on their origin, and if the user trust on that origin, this program 
> will 
> be able to work perfectly, if the user doesn't trust on the origin of the 
> program it will be alerted about that and will choose how this program will 
> run. With no access to FS, with a read-only access to FS or if the user will 
> start to trust on that origin.
> 
> I know that this is only one case of many thing that a sysadmin does, but 
> this 
> was what wake up this discuss in my mind, so, if you have more things that 
> you 
> beleave that only sysadmin can does, we can start to discuss, thanks.

Yes : see http://lists.gnu.org/archive/html/l4-hurd/2005-10/msg00827.html and
its thread. 

Btw, allowing (and also forcing) users to install they own software, and also 
administrate it, would only result into a very great amount of lost time 
(redundant work from the users), a very bad security (do you really think every 
user has the competence of a sysadmin?), and a waste of disk space and other 
ressources. If sysadmins were only unneeded parasites, they would have 
disappeared for long.

Additionnaly, in the real world, the majority of the users wouldn't 
install their own software copy, they would just trust software from some other
person, which is far more dangerous than trusting only one sysadmin (who is
identified, available, responsible for what goes wrong, and theoretically also 
competent in his field).

On the other hand, please note that the feature you mentionned is already 
available on any UNIX system : just install a copy of the software in your 
homedir, and use it instead of the admin's installed version; and use 
permission 0755, so that other users may also use it (the only thing you 
can't do here is removing its right to access the fs).

Oh, and please explain me how you would do to run 1 copy of sshd per user, 
for example... all of them sharing port 22 at the same time?! Or only one,
which would belong to this "common user"... but how would he have the right
to start a shell belonging to another user?

> 
> ps.: I do not want to start a monster thread, But I beleave if you want a 
> system almost from scratch, we need to discuss every point of it.

Yes, so let's discuss it :-) .

Emmanuel Colbus
(UNIX system administrator)

(Personal feeling : its curious how bad the opinion about 
sysadmins seems to be by some people here...)