AIX Authority and Permissions

In a Sarbanes-Oxley/HIPAA world, it is better from an audit perspective to separate out the admin duties from the applicaton duties.

Where there is a need for root, it is usually for a third party package install, in which case, it is best if a sysadmin is involved, rather than just tossing the software on the box, and hoping no conflicts arise.

If all the permissions are set as QDX recommends, there shouldn’t be a need to have root access to manage all QDX code and commands. If they are not set right, it is better to set them right. I think QDX has a utility for this now, but it used to “here is the specification, you implement it.”

If none of the above are sufficient, the admin can always configure a free utility, sudo, to allow program execution only for selected (necessary) programs.

I can tell you that there is no technical reason why cloverleaf cannot be managed equally well with or without root authority on the box.  We have not had root authority on our boxes in years and the only thing that it prevents us from doing is installing other software.  I will caution you though.  Make sure you keep a very close relationship with your sysadmins because you will be looking to them a lot when memory and disk space issues arise.  In an ideal world it would be good to have a sysadmin attached to your group or readily available to get assistance troubleshooting.  Once the problem you have gets to the point where you have ruled out the application, it is also nice to have someone to “pass it off” to…lol.