Re: What is the best practice here? @AC
Teach your users to set reasonable permissions on files! It goes back to my statement "too many people do not understand the inherent multi-user nature of UNIX-like operating systems".
They're not my users, they (and I) are, for the most part, senior developers who are well aware of how umask works, and may (or may not) choose to share files.
With regard to running the script as root. You're not that familiar with NFS are you?
I am, as it happens. At the kernel level.
If you are using it properly, you will have the NFS export options set to prevent root access as root (it should be the default that you have to override), which is there to prevent exactly this sort of problem. This maps any attempt to use root on the test system into the 'nobody' user on the server, not root.
And that is, of course, exactly how our systems are configured.
It is also why I said that running the script as root would have been less serious, since not only would it have been potentially less serious for the NFS-mounted files, it would have permitted the test server to destroy itself fairly quickly as it wiped out /usr and /etc. Instead the faulty script (running as a QA user) didn't destroy the critical system files, it only destroyed those files that people had left accessible. The server remained up.
There are people who have been using NFS in enterprise environments for in excess of quarter of a century
True. I'm one of them.
Do you not think that these problems have not been addressed before now?
Indeed they have, and fortunately by people who read and understood the problem before making comments.
Biting the hand that feeds IT
