There is a definite difference between the i386 partition table on disk and the one the kernel knows about: the kernel keeps its own copy of the table, read when the disk was attached, and rewriting the on-disk table while a partition on that disk is in use leaves the kernel's copy stale. On disk it might say your 2 terabytes are still there, but you cannot mount them, and you cannot figure out why. The disks are there, but any command issued returns "No such device".
Well, if you did not know about the above difference, you might get your backup tapes and start updating your resume. If you did know, you would issue "partprobe" and everything would be fine.
- from one who had to find out...
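The check that turns the guesswork above into a one-liner, as an added shell example (not from the original post): compare the kernel's view of the disk in /proc/partitions with the on-disk table as dumped by sfdisk -d, and ask the kernel to re-read only when they disagree. The device names and the sample /proc/partitions text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the partition table the kernel has cached
# (/proc/partitions) with the one on disk (sfdisk -d) and re-read it
# when they disagree.  Device names below are illustrative.

# missing_in_kernel PROC_PARTITIONS_TEXT NAME...
# Prints each partition NAME (e.g. sdb2) that does not appear in the
# 4th column of the given /proc/partitions text, one per line.
missing_in_kernel() {
    proc=$1
    shift
    for name in "$@"; do
        printf '%s\n' "$proc" |
            awk -v n="$name" '$4 == n { found = 1 } END { exit !found }' ||
            printf '%s\n' "$name"
    done
}

# ondisk_partitions DEVICE
# Lists the partition names the on-disk table defines, e.g. "sdb1 sdb2",
# from sfdisk's dump format ("/dev/sdb1 : start=..., size=...").
ondisk_partitions() {
    sfdisk -d "$1" 2>/dev/null |
        awk '$1 ~ /^\/dev\// { sub(/^\/dev\//, "", $1); print $1 }'
}

# check_disk DEVICE
# If the kernel lacks a partition the on-disk table defines, ask it to
# re-read the table (partprobe, falling back to blockdev --rereadpt).
check_disk() {
    dev=$1
    # word splitting of ondisk_partitions output is intentional here
    missing=$(missing_in_kernel "$(cat /proc/partitions)" $(ondisk_partitions "$dev"))
    if [ -n "$missing" ]; then
        echo "kernel has no device node for: $(echo $missing)"
        partprobe "$dev" || blockdev --rereadpt "$dev"
    else
        echo "kernel and on-disk table agree for $dev"
    fi
}

# Usage: sh check_disk.sh /dev/sdb   (needs root; with no argument it only
# defines the functions above)
if [ $# -gt 0 ]; then
    check_disk "$1"
fi
```

One caveat a practitioner should know: if any partition on that disk is mounted, the kernel refuses the re-read ("Device or resource busy") and partprobe cannot help; either unmount first, add just the new partition with partx -a, or reboot.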
Friday, December 21, 2007
Monday, December 17, 2007
Unix Design Flaw
This has been a niggling thing in the back of my mind for some time now:
Consider an installation with central authentication. The root account is local to each machine; all other accounts are drawn from, say, LDAP. Now root on any client can assume any identity that LDAP serves (su to it, or simply setuid to its UID) and thus read that identity's files on any fileserver, because the fileserver trusts the UID the client presents. So you say, OK, we don't give them root on the workstations, but that takes effort and is hard to police. Also, anyone can install a system in minutes and be root on it. So you have to secure your DHCP. The current solution, then, is:
1. Workstation root account barred.
1a. (Maybe some use of sudo. sudo itself has problems, too, though.)
2. LDAP server access secured with krb5 and SSL.
3. DHCP secured against new workstations, or new workstations get "guest status" in a different VLAN.
...but that is a hard one to police. Looking for simplification.
Comments welcome.
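The fileserver side of this, as an added shell example that is not part of the original post: the impersonation works wherever an NFS export still accepts AUTH_SYS (the default when no sec= option is given), so the check below reads /etc/exports syntax and lists every client entry that permits it, with the hardened export and the matching client mount shown in comments. The sample exports text, the paths, the networks and the user name "victim" are all constructed for illustration.

```shell
#!/bin/sh
# Added example: find NFS exports that still accept AUTH_SYS, i.e. that
# trust the UID the client kernel sends.  On such an export, root on any
# client can read any LDAP user's files with something like
#     su -s /bin/sh victim -c 'cat /mnt/home/victim/.ssh/id_rsa'
# root_squash does not help (it only remaps UID 0); sec=krb5/krb5i/krb5p
# makes the server demand a per-user Kerberos ticket instead.
# The exports text below is constructed for illustration.

# weak_exports EXPORTS_TEXT
# For every "client(options)" entry, print "path client" when the entry
# permits AUTH_SYS: no sec= option at all (the default is sec=sys) or
# "sys" among the colon-separated sec= flavours.
weak_exports() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || NF == 0 { next }   # comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                if (match(client, /\(.*\)/)) {  # split "client(opts)"
                    opts   = substr(client, RSTART + 1, RLENGTH - 2)
                    client = substr(client, 1, RSTART - 1)
                }
                weak = 1                        # no sec= means sec=sys
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] ~ /^sec=/) {
                        weak = 0
                        sub(/^sec=/, "", o[j])
                        m = split(o[j], f, ":")  # sec=krb5p:sys lists flavours
                        for (k = 1; k <= m; k++)
                            if (f[k] == "sys") weak = 1
                    }
                }
                if (weak) print path, client
            }
        }'
}

SAMPLE_EXPORTS='# constructed sample /etc/exports
/srv/home  10.0.0.0/24(rw,root_squash)
/srv/proj  10.0.0.0/24(rw,sec=krb5p,root_squash)  10.0.1.0/24(ro,sec=sys)
/srv/pub   *(ro,sec=krb5p:sys)
/srv/krb   10.0.0.0/24(rw,sec=krb5p)'

# Prints the three weak entries; /srv/krb is the hardened form.
weak_exports "$SAMPLE_EXPORTS"

# Hardened form of the /srv/home line, plus the matching client fstab entry:
#   /srv/home  10.0.0.0/24(rw,sec=krb5p,root_squash)
#   fileserver:/srv/home  /home  nfs4  sec=krb5p  0 0
```

With sec=krb5p the server maps the Kerberos principal, not the client's UID, to the LDAP user, so a client root's su yields no ticket and the read fails; this reuses the krb5 infrastructure item 2 above already requires, extended from the LDAP server to the fileserver. The check only understands the common client(options) form, not the "-options" line form of /etc/exports.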