Linux Admin

Why You Should Never Steal From a Linux Admin

Being a sysadmin does come with its ups and down.  It’s not a job which comes with glory or fame. The pay is bad and the work hours are long. Simply put system administration is a job for those who love and have a passion for administering computers and their users.

However being a sysadmin is not all doom and gloom.  Occasionally some ray of fun and power shines through the lonely boring Text based computer terminal (where we get to spend most of our working – and non working- hours). THAT day was one of the such days.

I had to do some work in the computer lab the day before. But when I closed for the day I left behind my most priced Scandisk 4GB usb thumb drive. I left it attached to a workstation I was setting up. I realized this very late and even then was too tired to bother going back to get it. Next day when I got to work I discovered that my thumb drive was missing. I asked some students who use the lab if there have seen my drive but no one seem to have any information about it. I was going to give up when a colleague suggested I check the syslog to see when the drive was removed from the pc it was attached to.  Syslog showed it was disconnected around 22:05 5  hours after I closed from work.

Jul 22 22:05:19 aust-desktop kernel: [25109.783629] usb 1-6: USB disconnect, address 4

Every computer where I work has been configured to authenticate with our central ldap server. The particular PC I was working on however has not been set up to use this authentication so chances are that the individual who took my usb drive must have gone to the PC with the intention of use it for work before noticing the drive. He most have tried logging in and  because the PC was not connected to ldap must have been told his login was not successful. Either way I decided to check the auth. Log of the PC which keeps a record of all logging attempts. From there I noticed a failed logging in from a certain username at around 22:03 (about the same time the usb was disconnected).

Jul 22 22:03:49 aust-desktop gdm-session-worker[2653]: pam_succeed_if(gdm:auth): error retrieving information about user nameofuser

I went through the record of our users and was able to link the username to the particular user. Thankfully his phone number was also part of the records. I simply gave him a call and politely asked him to give back what belong to me. He stuttered and said he had taken it for safe keeping. I said I completely understood  thanked him and told him I would appreciate if he could drop the drive at my desk. I am happy to say that I got my drive back Thanks to a little bit of luck mixed with some sysadmin Ninja moves.

Guess we can say the moral of the story is NEVER steal a usb drive belonging to your system admin especially when it is connected to a system that runs *Unix. Or better still don’t steal period.