What is a Minimalist SysAdmin?

Short version

The opposite of the bloated, kitchen sink, Windows administrator.

Long version

A Minimalist SysAdmin is one who defines his needs in terms of necessary functionality and tries to choose the simplest solution with the least number of pieces that serves those needs. An ideal solution will be simple, elegant and powerful.

One of the paradigms of Unix is the tool that does a particular task well. Such tools can then be used in tandem or sequence to solve more complex problems. The essential Unix toolbox contains a number of such tools. Typically, they are designed so that they can take their input from standard input and send their output to standard output. This means they can be connected together in a piped sequence. For example, a typical Unixy sort of thing would be to do something like

$ cat /var/milter-greylist/greylist.db | awk ‘{ print $1 }’ | sort | uniq | wc -l

which takes a text database, grabs the first entry on each line, sorts them, removes duplicates, and finally counts the number of remaining lines. Since the first entry on each line in greylist.db is the incoming IP address, this gives the number of unique IP addresses represented in the database.

Besides the simplicity and power of this approach, there are other important concerns, including security, performance and maintenance.

Security is always an important issue. The more features, connections and angles a piece of software has, the more likely it is to have a bug that can be exploited. The process of installing and securing a system includes a significant portion of time spent eliminating unnecessary or risky functionality. In its simplest form, this means removing things like rsh, rlogin, telnet and ftp and requiring the use of ssh or scp. In a broader sense, it develops into an approach used to make choices. Given two software packages that serve the same purpose, choose the one that solves the problem simply and elegantly. Don’t choose the one that requires the installation of several additional packages in order to achieve a web GUI administration interface with animated charts. You probably don’t need that functionality, and it opens you up to many more possible exploits that could compromise your system.

Performance concerns have some things in common with security concerns. A simple elegant solution may have a very small footprint on your system in terms of resource demand. Add all the extra stuff and you may find your system bogging down. That may make the manufacturers of memory and CPU upgrades happy, but it won’t make you happy unless you like spending more money on hardware gadgets and upgrades all the time while getting less out of your existing machine.

Maintenance is easier when you don’t have all those other packages to be concerned about. Every piece of software installed should be tracked for security vulnerabilities and updates. When an update is required, compatibility with other interdependent packages on your system has to be taken into consideration. A complex installation which requires one piece to be upgraded may cause a cascade of necessary upgrades that have to be done in the right order. In the worst, this may require that important services be down for a lengthy period while upgrading. Or, if something fails, the troubleshooting can be much more difficult and the resultant downtime longer.

2 thoughts on “What is a Minimalist SysAdmin?

  1. Marco N

    One of the reasons I particularly like Unix is that it supports users’ growing sophistication. It comes with tools that can be used simply but are complex enough to be flexible as users’ needs and knowledge grows.

    For instance, your milter munge can be reduced to:

    awk ‘{a[$1]++} END {for ( i in a ) print a[i], i | “sort “}’ /var/milter-greylist/greylist.db

    Later, a user could add ‘! /^#/’ to exclude comments, etc.

  2. choogend Post author

    Yes, of course. You could certainly do it that way. Every unix admin will have their favorite tools and approaches.

    I chose the example more as a demonstration of unix with multiple tools and piping. Your example is more a demonstration of awk, which can do a lot more than most admins ever get into. Both approaches work. Some admins might even choose to throw a perl snippet at it. It can depend a lot on experience and preferences.

Leave a Reply

Your email address will not be published. Required fields are marked *