root access

[Ubiquitous Geebles]

In production, the SAs can su to root, but cannot log in directly as root.  
If the machine is in a sorry state and requires console root emergency 
access, they use a substitute UID 0 account whose password lives only in the 
safe.

And not all the SAs, only the one(s) responsible for that host. If it's a 
weekend or late, there's a safe, call the manager for the key location, rip 
open the envelope inside, Monday ( or the next business day ) the SA changes 
the password.

In development, DBAs and SAs get root on "sandbox" hosts.
Developers never get root.  I've found too many non-standard, 
non-reproduceable, funky things when this occurs.

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus