I am just curious about your opinion on something which I am against.
I work at the client location. Our office is very small (4 employees + 1 teamlead where 1 employee per 12hrs shifts) and we are responsible to process the reception of external files into the client's database via some tools. We work directly on the client's system. I would not call us operators as we really do not do operator work. We simply execute a few script to process those files, start a batch update process, do backups, do tapes shipping/receiving and a few reports. The criteria to be hired here is very little knowledge about Unix. In fact, you could be hired with no knowledge at all as all we do is day to day tasks listed in a checklist and binders.
But the thing is, the way it was set up here, is that all of us logon on to the system and then 80% of the time, switch to root to do our work. I find this very dangerous as you could very easily mess up the system. I am not an admin but I could be considered as the one with the most experience here and the one who is thinking more about security, bullet proofing and so on. The majority of the script written here were made by someone who has no knowledge about programming (just stuck a few commands in scripts to do the work without any validations at all and assuming everything will always work in the perfect conditions). I had done scripts in the past and I would not even call them scripts.
Following an initiative of mine, I have been given the responsability to automate/improve all of what we use. In my mind, I am thinking more about bullet proofing, reducing time and human errors. There are so many places where human errors can be very easily done and have happened too. The fact that we almost always use root access does not help at all.
So I am thinking of getting rid of root access and simply giving permissions to employee's id to do the work. As almost every scripts have been coded to assume root access is being used, some of the system access and DB will probably have to be looked at to see if permissions can be changed too.
What do you think ? Am I right in wanting to get rid of root access ?