SysAdmin & Developer: Responsibilities

Josh Brower asked:

When it comes to something like a production webserver, what is best practice for responsibilities for the sysadmin & developer? Specifically, I am thinking about updating/installing software. (In my understanding, the dev should not have root access on the production server.)

So a production webserver is running WordPress, and it needs to be updated to the latest version. Who is responsible for keeping it updated?

What if the devs have custom hacked plugins, or custom core files on the app (in this example, WP) ?

My answer:

Developers should not have root on production; everyone except the developers agrees on this. But the developers can sort of have their cake and eat it too. I am somewhat surprised that nobody explicitly mentioned this:

One of my very long time small business clients has a web site with a Drupal installation, several WordPress sites, an SMF forum, and a few other random small web apps. I am the contract sysadmin (and for historical reasons also update/hack WordPress and SMF when needed) and my client has his own contract Drupal developers. The environment is several VMware virtual machines on a public cloud provider.

The developers really want to have root access and sort of need it. It’s their responsibility to write the nginx rewrite rules to make all their custom Drupal stuff work, for instance. But no way in hell am I giving them root access on the production server, and my client agrees with me on that.

So we compromised: They get root access on the test web server (which is generally identical to production except for its IP address and is on the same cloud). Which, like production, has etckeeper so I can see whatever changes they needed to make and any packages they installed. I can then either pull the changes into production or tell them what’s wrong with whatever they want to do. And if they really screwed up (they haven’t yet, thank gawd) I can easily revert their changes.

They have no access at all to the production database server; they don’t even have user logins. Only my client and I do.

(The web app itself, they deploy directly with git, and if they break it, they get to fix it and explain to my client why they should continue to be his developers. Though my client would CC me on such email so I could either laugh at them or facepalm.)

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.