[Techtalk] Administration, was Re: Hacked on Solaris

Maria Blackmore mariab at cats.meow.at
Wed Aug 28 17:14:45 EST 2002

On Wed, 28 Aug 2002, Caitlyn Martin wrote:

> > The point is not that security is bad; just that it's not the only
> > thing to consider. The system administrator is responsible not only
> > for making the system secure, but also for making it usable. So think
> > about the poor user sometimes.

What would be nice is if the poor user that's complaining thought a little
bit more about things other than herself (or himself), perhaps the poor
company which their actions might have an adverse affect on, other people,
wider issues.  In a lot of cases the user concerned will listen and
understand when they have the reasons explained to them, however some
users will still remain obstinant in the face of this explaination, and
some will refuse to listen at all.

One of the biggest things here is the art of compromise.

> The fact is that reasonable security can be in place without pain to
> users and many companies don't bother.  I've had users complain that
> there was a password at all, or else complain that they had to change it
> (with no restrictions whatsoever) every 90 or 180 days.

transcript of a conversation I had with a user

user:	"it's stopped, it's asking me to enter an account name and
me:	"ok, do you know what your account name and password are?"
user:	"no"
me:	"ok, do you have the details that were sent to you when the account
was setup?"
user:	"what do I need an account name and password for anyway?"
me	"well, it's so that the mail server knows who you are"
user:	"why doesn't it know anyway? I know who I am, why shouldn't it?"
me:	"because computers, like humans, don't know things that they haven't
been told"
user:	(irritably)"well, ok, an account name then, but why do I need a
me:	"it's so that the computer can verify the identity that you have given
user:	"why does it need to do that?"
me:	"because it has no other way to tell if you are really you.  You
wouldn't want someone else to read your email would you?"
user:	"well no, no no, of course not"
me:	"well that's why then"
user:	"well it should just know who I am, anyway"
me:	"well, that's as maybe, but it DOESN'T" (gritting teeth)"

This was picked up about half way through the telephone conversation, by
which point the woman in question had patronised me, insulted me, and been

Education is a watchword, I believe in it.  I try to explain as much as I
can to users whenever I can so that they have eventually enough
information to help themselves.  However it is harder to educate some
users than others, some of them don't want to be educated for a start,
some of them just don't listen, or don't care.

Spare a thought for the poor people supporting these users, the ones that 
have to try to explain against all the odds why things are the way that
they are.

(I would put in my usual minirant comparing using a computer to driving a
car here, but I don't feel up to it)

>  I've had users complain that they aren't given root on a UNIX box
> (and, like, what can't you do with sudo -s if you have all
> priveleges?) or that root passwords are different from box to box.  

This sounds like a problem that someone has with control, and the need to
feel that they have it

> Too bad.  These same users will call for my head if they are hacked
> and their work is touched, or if they are down for more than five
> minutes.

How very true :(


> It's just a matter of instilling good habits into the user community
> and taking away the really bad ones.  People are resistant to *any*
> change.

education .. as I said above.

Sometimes it's enough to make me want to cry


> PHBs?  Part of an admin's job is to make sure that they understand that
> you value their work and you are trying to protect it for them.

I try to do this whereever possible, and it is often hard.

The boss will take a stance of "I don't want to know anything technical, I
don't need to know anything technical", and then he will complain that he
doesn't know what you're doing, then you explain what you're doing and
they go all glassy eyed, they ask for more detail, you give it to them, go
back to start.

Though perhaps worse is the tendancy sometimes to just stand away and
avoid completely when they don't understand something .. fear of being
made to look stupid?

I'm not sure, to be honest I have never had a female boss in the computing
industry, all male.

Probably a sad commentry itself.


have fun :)

More information about the Techtalk mailing list