On Fri, 30 Aug 2002 18:16:45 -0700, Jamie Heilman wrote: > .. There is no legitimate reason to jump through all these >hoops just to hide your tcp wrappers configuration from your local >users.
I come to the Land Of Unix from mainframes, where I used to earn my crust. The mainframes had a tight security lockdown from out of the box (or truck, as the case usually was of course :). I'm used to a security stance of "access-to-anything-is-denied-unless-explicitly-permitted", which I feel is absolutely the right approach. I'm a bit taken aback by the idea of allowing everybody to see everything by default (mask 022 ? - has to be the wrong thing ..) I'm constantly looking for ways of achieving the same discretionary access control stance in my personal Unix box. Humour me ? >If the requirements for your host dictate minimal access rights >use an access control system thats been designed to achieve it I'd be very interested to hear about any such options in the Linux world. AFAIK, Linux ACL facilities are still experimental (http://packages.debian.org/testing/admin/kernel-patch-acl.html) Thanks for your commentary, which was welcome. Nick Boyce Bristol, UK -- The last ~700 Kalahari Bushmen are being evicted from their ancestral homeland by the Botswanan government *now*, so that De Beers & Anglo-American can prospect for diamonds. The Bushmen are having their water supply cut off ... [11.Jan.2002]
