What user role starts/stops your CMS?

Here at Notre Dame our Office of Information Technologies (OIT) is divided into divisions, departments really, with specific responsibilities. The System Administrators are in one such group. They buildout servers, maintain servers, upgrade physical hardware, patch operating systems, configure the operating system for the specific application or service which is intended to run on it…in conjunction with the Application Administrator, who takes it from there.

The Application Administrator works closely with the functional community who uses the service in order to respond to their needs and, if possible, find a way to implement their wish list before they know what’s on their wish list. 😉

So, if you ask one of our App Admins, "Got root?," the answer is unequivocably, "No. Never. I could use it at times, but I wouldn’t ever have it."

Applications are builtout as non-root users. If your application happens to listen on a port lower than 1024 (privileged ports) such as, oh, a course management system, then your System Administrator will create sudo scripts for you. You’ll install your application as the non-root user assigned to you, and you’ll start/stop your application utilizing the scripts you and your Sys Admin have worked out.

Do any of the rest of you have root privileges? If so, does it impact your security policy? Does your institution consider it good practice?