Hacker News new | past | comments | ask | show | jobs | submit login

At that point it's well worth figuring out what has gone awry with permissions rather than executing as root. If nothing else, you'll have added valuable information to your internal knowledge base about that particular permission problem and know how to fix it when it inevitably crops up again.



Sure but that's much easier to say than to actually do. Sometimes it's not necessarily a permission issue but something missing in a user account. When you're under a tight deadline, especially at a start-up, it's not always easy to say "well I'm just going to keep working on the problem until I fix it" when you can also say "I can fix this in 3 seconds for now and hopefully revisit later".

It's simply reality. I don't enjoy it. Fortunately I've never done that in any type of production environment (just development). But I don't entirely blame people. Many of the infrastructure pieces that need to be deployed can get very complex very quickly.


>Sure but that's much easier to say than to actually do. Sometimes it's not necessarily a permission issue but something missing in a user account. When you're under a tight deadline, especially at a start-up, it's not always easy to say "well I'm just going to keep working on the problem until I fix it" when you can also say "I can fix this in 3 seconds for now and hopefully revisit later".

I used to be in the same boat as you until I had my lightbulb moment: if you're constantly coming across permission errors like this, it's a sign that you're just doing things wrong.

I don't mean this as an insult; it's more that often when you download, install and provision a new piece of kit, it's easy to do so without taking a few minutes to read the docs and find out the best way of doing things. Especially if you're glancing over e.g. Ubuntu instructions when installing on CentOS.

(in fact, this rule applies to a lot of IT. Spending hours trying to get a CI tool to do X, Y and Z? Chances are it's just not meant to do it that way. God knows how much time I've lost to this.)


Agreed. After a few years of doing these sysadmin tasks "the right way", it doesn't take any longer than the insecure way, as you gain a solid mental model of the various permission structures and you've learned all of the diagnostic tools available to you.

> I don't mean this as an insult; it's more that often when you download, install and provision a new piece of kit, it's easy to do so without taking a few minutes to read the docs and find out the best way of doing things. Especially if you're glancing over e.g. Ubuntu instructions when installing on CentOS.

As a sysadmin, I find software documentation to often be the worst place for deployment advice. It's often written by developers with the same mindset as the GP - just get it working, best-practices can come later (which they never do).

One app per user (and the corollary, proper segmentation between system users) is something you just have to train yourself to do, screw what the developer had in mind with his deployment instructions.


Oh I certainly agree and fortunately this hasn't happened much to me. But it has happened to myself and many developers I know hence my original comment :)

Though to be fair I've also run into weird bugs with OpenShift, Mongo and a few others over the years so it's not necessarily something wrong that the developer is doing.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: