Cover V05, I03
Table 1
Table 2


Questions and Answers

Bjorn Satdeva

A New Salary Survey for System Administrators

The results of the second SANS Annual System Administration Salary Survey will be published at the conference. However, I have obtained a preview and can give you some of the highlights.

During the past 18 months, the value of effective system administration has become better understood, as corporations have started to run their entire businesses on UNIX platforms and develop important marketing programs based on the World Wide Web. UNIX's growing popularity, both as an alternative to proprietary systems such as IBM mainframes and Digital VAX computers, and as the operating system of choice for the Web, has led to unprecedented demand for system administrators. Average salaries have jumped more than 9 percent in the past 12 months alone.

The survey includes data from 746 system administrators. These administrators work in the government, in universities, and in large and small industrial organizations throughout all parts of the United States and around the world. They are supervisors as well as staff members, with different levels of experience, from a few months to two decades, and they support large and small user bases.

Some of the highlights of the survey are:

  • Salaries for system administrators and security professionals climbed 9 percent from 1994 to 1995. The average salary reported by system administrators was $50,127 in 1995 and $46,009 in 1994.

  • System administrators in the $60,000 to $90,000 salary range received raises that were higher (on both a percentage and a dollar basis) than the raises received by lower paid system administrators and security personnel.

  • Commercial organizations paid salaries that were higher than those paid by government and research organizations, and much higher than those paid in universities.

  • In the first five years of employment, system administrators and security professionals gain increases of approximately $3,000 per year. Later, the increases drop to an average of $2,000 per year.

  • Californians and New Yorkers again led the salary race, and the southwestern United States moved up in the rankings. Europe, Canada, Australia, and the Mideast lagged in salary ratings.

  • Eighty-six percent of system administrators manage more than one type of UNIX system, and there is a substantial pay benefit for those who manage more types.

  • System administrators who manage AIX, SGI, Sun-OS, Solaris, and HP-UX systems reported earning higher salaries than those who manage AT&T CIS, SCO, Univel, Data General, OSF-1, or Ultrix systems.

  • There is a gender pay gap. It is smallest in universities and for administrators with bachelors' degrees, and is highest in commercial and research and development organizations.

  • There is very little pay difference between administrators with only a high school degree, those with some college education, and those with a college degree. In fact, those with only a high school education are paid more, on average, than the other two categories. Somewhat surprisingly, system administrators with PhDs don't get paid, on average, as much as those with no college education at all.

    Summary Tables

    1. How much are system administrators and security professionals paid (see Table 1)?

    The majority (almost 70 percent) of all system administrators earn between $30,000 and $60,000. The top quarter are paid an average of more than $71,000. When the results of this survey are compared with surveys of other information systems professionals, system administrators earn more than telecommunications specialists, LAN managers, network administrators, technical support specialists, help desk managers, and system programmers.

    2. How rapidly are salaries increasing from year to year (see Table 2)?

    Salaries for the surveyed population increased by 9.8 percent, on average, from 1994 to 1995. This is a big jump from the 5.5 percent average increase reported by the surveyed population for 1993 to 1994. It reflects the growing awareness of the value of system administration, especially in banks and financial companies. The highest rates of increase, which far exceed the average increase, are in the higher income brackets. In my opinion, employers -- especially commercial employers -- seem willing to offer substantial increases to retain their senior system administrators, because they recognize how difficult and expensive it will be to replace senior people.

    The details of this survey will be presented at the SANS conference in May, but in the meantime, you may be able to put this data to good use.

    New Release of bind

    Paul Vixie has released the final version of the bind name server after completion of more than a year of intensive beta testing. This version of bind has many improvements for performance, reliability, and security. If you are running an older version of the bind name server, you might want to check this one out:

    or networking/servers/bind

    Tool of the Month

    This month's tool is tcpdump, a program that provides the system administrator with information about traffic on the network. It is a fantastic tool when you want to see what kind of packets move across your network. It has been useful to me, in diagnosing network problems, such as a network card that could receive but not send, or a bad routing table that resulted in packets to certain networks being sent out on the wrong interface in a multihomed machine.

    tcpdump prints out the headers of packets on a network interface (but not the packet content). The program has filtering capabilities, making it possible to look only for the type of packets you are interested in at any given time. Some examples of such commands:

    To print all packets arriving at or departing from heimdal:

    tcpdump host heimdal

    To print traffic between heimdal and either baldr or thor:

    tcpdump host heimdal and
    \( baldr or thor \)

    To print all IP packets between baldr and any host except heimdal:

    tcpdump ip host baldr and not baldr

    tcpdump uses the pcap library, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap.

    tcpdump and libpcap have been built and tested under SGI Irix 4.x and 5.2, SunOS 4.x, Solaris 2.3, BSD/OS, DEC/OSF v1.3 v2.0, and Ultrix 4.x, and may still work for SunOS 3.5, and 4.3BSD Reno/Tahoe (although the authors of the program no longer support these old operating systems).

    The program is loosely based on SMI's "etherfind," although none of the etherfind code remains. It was originally written by Van Jacobson as part of an ongoing research project to investigate and improve TCP and Internet gateway performance. The parts of the program originally taken from Sun's etherfind were later rewritten by Steven McCanne of LBL. To ensure that there would be no vestige of proprietary code in tcpdump, Steve wrote these pieces from the specification given by the manual entry, with no access to the source of tcpdump or etherfind.

    The source for libpcap is available from:*


    The source for tcpdump is available from:*


    Problems, bugs, questions, desirable enhancements, etc. should be sent to

    And now to this month's question:

     Q I was wondering if you have heard of RCS (Revision Control System). I'm looking for an ftp site that has a copy of it. Currently we are using SCCS, but SCCS has a problem with checking a file in the library that includes a long line, such as a long select statement in an SQL report file. If you know of such a site, please let me know ... or what would you recommend?

     A RCS is certainly a better choice than SCCS (Source Code Control System), as it is a much more modern implementation. Aside from the problem that you mentioned, SCCS is a much older system and uses a less efficient way of storing the differences (they are stored as a sequence of edit commands, called deltas) than what is implemented in RCS (for details, see Walter F. Tichy's paper "RCS-A System for Version Control," which is included in the source for RCS).

    You can get RCS from:



    There is also a front-end available for RCS, called CVS (Concurrent Version System), which extends the notion of revision control from a collection of files in a single directory to a hierarchical collection of directories consisting of revision controlled files. CVS has a number of advantages over RCS. For example, programmers are able to check out what they need from the master repository and independently make changes to the files before checking them back in. If two or more people check out the same file, CVS can, in most cases, resolve the differences between the various versions of the file, ensuring that all changes are checked in correctly. If CVS cannot resolve the changes correctly, it will prompt for assistance from the person checking in the changes. Note, however, that CVS requires RCS.

    You can get CVS from:


    About the Author

    Bjorn Satdeva is the president of /sys/admin, inc., a consulting firm which specializes in large installation system administration. Bjorn is also co-founder and former president of Bay-LISA, a San Francisco Bay Area userOs group for system administrators of large sites. Bjorn can be contacted at /sys/admin, inc., 2787 Moorpark Ave., San Jose, CA 95128; electronically at; or by phone at (408) 241-3111.