10 tips for a sensible system administrator

Benjamin Franklin is a scientist, scholar, statesman and ... System administrator? Yes, as early as 200 years before the UNIX® system, Franklin had made recommendations for keeping the system in good working. Here are Franklin's 10 most famous tips.

If you ask anyone about Benjamin Franklin's achievements, you'll probably hear stories about his electrical experiments, his involvement in the creation of the United States Federation, and the invention of two-focus glasses (see Figure 1). However, Franklin has many unfamiliar but equally influential achievements, he took part in the issue of paper money, the use of innovative anti-counterfeiting technology, the establishment of the United States Postal Service, in 1736 in Philadelphia, the first fire insurance company to form a colony (Union Fire). In fact, a few centuries before Smokey the bear, Franklin put forward the famous fire-fighting slogan, "Prevention is better than cure". His advice still makes sense today, especially for UNIX system management.

Figure 1. Benjamin Franklin: politician, inventor and UNIX system administrator (look at his long hair), created by painter Jean-baptiste Greuze in 1777

According to Franklin's dictum (he also said the punch line, "Guests are like fish, smelly for three days"), the author concludes 10 tips for system administrators to keep the UNIX system working properly.

Franklin's tips on security

Credulity and Prudence are the mother of safety. ”

It is difficult to ensure system security. It is impossible to completely resist all threats by simply buying and installing a product. On the contrary, to protect the system, you must always be vigilant and constantly create, search, apply, test, and adjust many security measures. A little paranoid is good. Given the nature of security, Franklin said Gloomily, "three of people can't keep a secret unless two of them are dead." ”

The system can be better protected by the following measures:

Subscribe and read the security bulletin to understand the threats to your operating system and application software, and determine if these issues can compromise your configuration. (for example, a recent discovery of the Apache HTTP Server's mod_proxy_ftp module has been compromised, so many sites have disabled this module). When you need to take action, develop a plan for defending against threats, such as applying patches and recompiling to your source code, or updating your software through the vendor's package repository.

Grant only minimal access to each user and application. Provide only the permissions required to complete a task, never exceed this scope, and never allow direct access to root login. If your application must be running as a root user, you should consider an alternative solution.