Sysadmin bad habits

I think most of the bad behaviours of sysadmins is due to the fact that they forget the golden rule:

A sysadmin is there to support the users, not the other way around.

I have beaten this lesson into plenty of new recruits by now, but many new in the field doesn't quite understand how important it is. From this simple rule comes the philosphy when working as a sysadmin:

• Never, ever, do a risky change on a production system outside maintanance windows
• If it's new and shiny it's not going into production.
• If it's old and broken it's not going into production.
• If it's not documented you don't get paid for it.
• Changes that shifts work load to the users are not worth it.
• It's your responsibility to keep it running, no matter what the user is doing.

And from here you can trace the typical bad behaviours of unskilled sysadmins

• Patching live production systems...
• Latest stuff pushed into production without carefull testing
• Using scavenged equipment in production
• Spotty, limited or (even worse!) wrong documentation
• "Just copy the addressbook by hand when we switch mail-server!"
• "It's your fault for not backing it up..."

I think XKCD summed it up pretty well

Is it a bad habit to give in to user requests (demands?) that lower security for the sake of their own convenience?

Writing a script that isn't well documented or written in an easy to read style so that the people that come after you can easily read and modify the script.

Perl scripters I'm looking at YOU!

"I'll document this later" No, you won't.

Of course, some preempt that situation thusly: "Documentation?"

I have a bad habit of getting frustrated enough at the security "fixes" in Windows that I'll blindly add sites to a trusted site list or lower security enough that IE8/XP/Vista/etc. stops pestering me while I'm trying to get something done and I'm fairly sure I'm going to the right place and downloading the right file. I know it's supposed to make you more secure to rethink your actions, but quite frankly, click click click click makes me nuts nuts nuts and eventually the warnings all blur together until I don't pay attention to site certificate errors (it's our own self-signed, right?...well, probably...) and other times it's asking me stupid things that should have been enabled by default (yes, I really did mean to go to Windows Update, and I do want security settings to allow Microsoft's own update site to run, thank you...)

A no-update policy because "it works, so why should we touch it?".

And then Slammer slams you in the head...

Applying vendor updates the instant they become available. Wait a few hours and google the patch's name to avoid being the one submitting the horror stories.

Saying "WHAT!?" whenever a user nears your desk.

Using the same password on multiple systems or applications (a la Apache Foundation).

Meaningless work log entries. ie:

$ rm *

Great, you deleted something, somewhere, as some user, on some system. I have the same alert, and I'd like to know how you fixed it last time.

Here is a prompt which solves most of those issues automatically.

PS1="\h \d \t \w\n\u > "

myserver Mon Apr 26 16:20:44 /var/log
root >

Hostname changed :-) Now I know everything except what you deleted, but at least I know where to look.