Sysadmin bad habits
I think it would be interesting to have a list of bad habits you observe related to system administration. For example:
- Always using
root
on servers - Sharing account passwords
- Inserting passwords on code
- Still using telnet
- ...
Although I'm mostly interested on security, you bad habit doesn't have to be security related. Bad habits stories are also welcomed.
I think most of the bad behaviours of sysadmins is due to the fact that they forget the golden rule:
A sysadmin is there to support the users, not the other way around.
I have beaten this lesson into plenty of new recruits by now, but many new in the field doesn't quite understand how important it is. From this simple rule comes the philosphy when working as a sysadmin:
- Never, ever, do a risky change on a production system outside maintanance windows
- If it's new and shiny it's not going into production.
- If it's old and broken it's not going into production.
- If it's not documented you don't get paid for it.
- Changes that shifts work load to the users are not worth it.
- It's your responsibility to keep it running, no matter what the user is doing.
And from here you can trace the typical bad behaviours of unskilled sysadmins
- Patching live production systems...
- Latest stuff pushed into production without carefull testing
- Using scavenged equipment in production
- Spotty, limited or (even worse!) wrong documentation
- "Just copy the addressbook by hand when we switch mail-server!"
- "It's your fault for not backing it up..."
I think XKCD summed it up pretty well
Is it a bad habit to give in to user requests (demands?) that lower security for the sake of their own convenience?
Writing a script that isn't well documented or written in an easy to read style so that the people that come after you can easily read and modify the script.
Perl scripters I'm looking at YOU!
"I'll document this later" No, you won't.
Of course, some preempt that situation thusly: "Documentation?"