Red Hat Upgrade Woes
So, I was building a system last week with CentOS 5.5, and most everything was going well. The software stack on top of it was working as expected, which was a pleasant surprise, given some of the changes I had made to it. The one thing that wasn’t working correctly was an entry in root’s crontab, and I couldn’t for the life of me figure out why, especially considering the exact same entry/script was working great on some of our other systems, running CentOS 5.4. One of my coworkers couldn’t figure it out either. A few days later (while working on a variety of other things, of course), I finally figured it out.
First, a bit of background. This script was running as root, and was invoking various commands using sudo (to run the commands as a user other than root). I didn’t think much of this until I happened to look at /var/log/secure for another issue, when I noticed some messages regarding this script in there. As it turns out, Red Hat, in their infinite wisdom, made the decision to disable sudo from running under anything other than a proper TTY (i.e., console/SSH/et cetera). They made this decision despite RHEL 5.4 (and thus CentOS 5.4) not having this behavior, and despite Red Hat’s premise of being an enterprise distribution, where as little as necessary will change between point releases.
Now, I realize I should’ve found this sooner, and the manner in which sudo was being invoked wasn’t terribly logical, but it worked, and it wasn’t something that should’ve been changed in a point release of an enterprise distribution. Marginal additional security (in my not-so-humble opinion) doesn’t outweigh some of the headaches I can foresee this causing. Sorry Red Hat, but bad move…
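An added example, not part of the original post: assuming the behavior described above comes from the sudoers `requiretty` option, this Python code pulls the TTY denials out of /var/log/secure-style lines and checks whether a given user is still subject to the option. The sudoers excerpt, log lines, host and user names are constructed, and the parser is a simplified model (global and per-user Defaults only, last match in file order wins).

```python
import re

# Constructed sample data (not from the original post).
SUDOERS = """\
# /etc/sudoers (constructed excerpt)
Defaults    requiretty
Defaults    env_reset, !visiblepw
Defaults:backup  !requiretty
root    ALL=(ALL)   ALL
"""

SECURE_LOG = """\
Jun  1 03:00:01 host1 sudo:     root : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/root ; USER=appuser ; COMMAND=/usr/local/bin/rotate.sh
Jun  1 03:05:12 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Jun  1 04:00:01 host1 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

DEFAULTS_RE = re.compile(r"^Defaults(?::(?P<users>\S+))?\s+(?P<opts>.+)$")
DENIAL_RE = re.compile(
    r"sudo:\s+(?P<caller>\S+) : sorry, you must have a tty to run sudo ;"
    r".*?USER=(?P<target>\S+) ; COMMAND=(?P<command>.+)$")


def requiretty_applies(sudoers_text, user):
    """Simplified model: global and per-user Defaults, last match in file order wins.
    User aliases, %groups, host/runas/command Defaults and #include are ignored."""
    required = False  # sudo's built-in default for requiretty is off
    for line in sudoers_text.splitlines():
        m = DEFAULTS_RE.match(line.strip())
        if not m:
            continue
        users = m.group("users")
        if users and user not in users.split(","):
            continue  # per-user Defaults line for somebody else
        for opt in (o.strip() for o in m.group("opts").split(",")):
            if opt == "requiretty":
                required = True
            elif opt == "!requiretty":
                required = False
    return required


def tty_denials(log_text):
    """Return (caller, target_user, command) for each TTY-related sudo denial."""
    return [(m.group("caller"), m.group("target"), m.group("command"))
            for m in map(DENIAL_RE.search, log_text.splitlines()) if m]
```

A scoped exemption such as `Defaults:root !requiretty` (added with visudo) makes `requiretty_applies` return False for root while leaving the option on for every other account.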
Oh, and a word to Dell too: for the love of god, why do you have not one, but two lights-out management boards in some of your rackmount servers? I had to replace a motherboard last week, and while I swapped the iDRAC 6 Super Active Enterprise® card over, I missed this tiny little do-nothing iDRAC 6 Useless Edition board in the corner. A board that the Super Active Enterprise edition happened to depend upon, for some odd reason.
I do still love working in IT though. I must be psychotic.