Semi-operators using Root access all the time ?

I am just curious about your opinion on something which I am against.

I work at the client location. Our office is very small (4 employees + 1 teamlead where 1 employee per 12hrs shifts) and we are responsible to process the reception of external files into the client's database via some tools. We work directly on the client's system. I would not call us operators as we really do not do operator work. We simply execute a few script to process those files, start a batch update process, do backups, do tapes shipping/receiving and a few reports. The criteria to be hired here is very little knowledge about Unix. In fact, you could be hired with no knowledge at all as all we do is day to day tasks listed in a checklist and binders.

But the thing is, the way it was set up here, is that all of us logon on to the system and then 80% of the time, switch to root to do our work. I find this very dangerous as you could very easily mess up the system. I am not an admin but I could be considered as the one with the most experience here and the one who is thinking more about security, bullet proofing and so on. The majority of the script written here were made by someone who has no knowledge about programming (just stuck a few commands in scripts to do the work without any validations at all and assuming everything will always work in the perfect conditions). I had done scripts in the past and I would not even call them scripts.

Following an initiative of mine, I have been given the responsability to automate/improve all of what we use. In my mind, I am thinking more about bullet proofing, reducing time and human errors. There are so many places where human errors can be very easily done and have happened too. The fact that we almost always use root access does not help at all.

So I am thinking of getting rid of root access and simply giving permissions to employee's id to do the work. As almost every scripts have been coded to assume root access is being used, some of the system access and DB will probably have to be looked at to see if permissions can be changed too.

What do you think ? Am I right in wanting to get rid of root access ?

Absolutely. Anyone who uses root should have the skills required to recover from any error committed as root. This includes rebuilding the system from scratch. You seem to have no system administrator at all. That's like being in a plane with no pilot and everyone has access to the cockpit.

Yes, as soon as possible! Someone who knows nothing of the risks of working as root shouldn't be allowed to do so. As a side question: Can they be held accountable if, by accident, they issue an r m -rf / ?(Do not execute this command. Never. Don't even think about it!) If not, get them off root access even sooner then possible.

Yep, good idea. Best implement all scripts into sudo so they can just start them with/from their account and dont have to su. Basically remove root access of course for all but one other just in case you get ill/have holidays or something.

Maybe also implement some checks to those scripts for errornous input or something (getopts, case, ...).