What is the risk of giving DEVs root access in production?
Since I suggested the topic I was asked to give a short introduction into the topic:
The discussion that followed was suprising in several aspects:
- A major concern is safeguarding the production data, but nobody had a really good solution for that. Many people have more problems with Developers seeing live customer data than with Develops changing something in production.
- "Nobody should have root" was proposed by a security specialist, but he had no practical working example for this approach.
- The question is tightly coupled to the degree of automation. The more automation you have the less need for anybody (Dev or Ops) to use their root privileges.
- Not everybody having root access knows what to do with it, Developers are sometimes afraid of using their power if granted root.
- This is mostly a question for larger companies and classical IT organizations. Small companies and start ups just give root to everybody who knows what to do.
For me that was the first time having this discussion when nobody tried to prove that Developers should in principle not get root access. The Test Driven Infrastructure fish bowl at the Berlin DevOps Meetup 2013-12 last year also touched upon this topic and the discussion was much more against giving root access to Developers.
My personal opinion is that in a DevOps world people are in the focus of our interest. The official title or organizational position should matter less than what the people are doing. We should therefore
give root access to people based on
- Trust to act in our common interest
- Commitment to fix everything they brake
- Skills to tread carefully in our production environment