
> I also had write access to system directories on the VAX that we used at work, which I never abused, but which in retrospect seems distressingly trusting.

I can totally understand that feeling, but my personal experience is honestly that "protecting the company from malicious employees" by technical means is often just window dressing.

A patient malicious internal actor that is both technically and socially competent can cause much more damage than most companies would ever admit to themselves (but those actors are rare enough to keep modern workplaces running just fine).

In short I think that just giving employees root access to some important company-internal system could work out surprisingly well even for decently-sized companies (not that I'm advocating for that :P).




It’s less a case of worrying about maliciousness than incompetence. I remember reading a post here about some junior dev who accidentally dropped a production database. I can see an employee accidentally doing a DELETE/FORCE [...]*.*;*¹ in the wrong directory.

1. The VMS equivalent, to the best of my recollection, of rm -rf *



