In a message dated: Sun, 07 Jul 2002 22:54:46 EDT [EMAIL PROTECTED] said:
> I find your stance rather hypocritical, In what way? All I'm saying is that a user should be able to run Linux on their desktop especially if they're willing to do so "on their dime" so to speak. In other words, if I'm not requesting any assistance from corp IT, I'm not making any trouble, and I'm not breaking any rules (other than the "we run windows" mandate), where's the harm? Especially if it increases my productivity! >given the involved and heated debate that once went on in this very >forum with regard to whether or not users should have root access to >their workstations, with you weighing in quite stringently on the "no" >side. :) Totally different scenario. At the time, we were discussing users who: 1. were accessing centrally controlled file systems with root priviledges 2. had the ability to su to root, then su to other users and access data they should not have access to. 3. did not have a need for root access on their desktop systems. 4. could easily accomplish their work without root access to the desktop system which also had access to the centrally located corporate file systems. (IOW, their work did not require access to NFS file systems, but might have required root priviledges, which could have been granted on a separate machine, via VMWare, or using sudo.) I'm saying that a user should be able to use Linux as their Desktop OS. Sure, using Linux may present some of the same security concerns we were attempting to address by disallowing root on the desktop. However, there are some differences: 1. In a sight using Windows, how concerned with security are they really? 2. SMB may not be the greatest, but it at least has user level authentication, which is something NFS does not. > What it basically boiled down to was that corporate IT staff has to >support and maintain corporate IT systems -- including all production >networks and computers that connect to them -- and, in such an enviornment, >with IT staff rightly being held accountable for it all, the IT staff should >have every right to insist you run things "their way". Now that "their way" >and "your way" are not mutually inclusive, you suddenly change your tune. I'm NOT TALKING ABOUT CORPORATE IT SYSTEMS. A Desktop is not a "Corporate IT system", at least IMO. A Corporate IT system is something a.k.a. a server, something which is a central resource to the company or organization as a whole. A desktop is just that, one individual's system which, if taken offline indefinitely, would pose no threat to the environment at all (at least, it shouldn't). > Don't give me the "I'm more productive on Unix" line, either. :) The >productivity argument was put forward during the "root access" debate, and >your position was that reliable corproate operations trumped that, even in >cases where root access was not just a matter of productivity, but being >able to do your job at all. Your position was that, if root access was well >and truly required, a special lab enviornment, carefully isolated from the >production enviornment, was the only acceptable approach. And I still maintain that argument. But that doesn't negate that I, and many others are more productive on a UNIX-based OS. There is a huge difference between me running Linux on my PC to perform the same basic functions (i.e. web surfing, e-mail, document creation, etc.) and someone having root access to a desktop in an all UNIX environment on their desktop, that will, by design, also allow them to impersonate other users and allow them access to data they shouldn't have access to. One is a question of security, the other is of productivity. And yes, often times these two concepts are mutually exclusive or at the least, inversely proportional. However, I, as a user, am not compromising anyone's security by using Linux in an otherwise all-Windows world. In that case, there's little I can do that I couldn't also do using Windows anyway! > So, Paul, I'm curious: Is there a real difference here, or is it just that >you were getting your way before, and in this semi-hypothetical situation, >you're not? :-) No, I believe there is HUGE difference! And it has nothing to do with me not getting my way. I'm running Linux on my system, I'm happy :) Previously, with the desktop-root-access situation, we "lost" in the sense that people maintained their root access, however, we won in many other senses: 1. We were allowed to significantly tighten security once we showed mgmt how easily their e-mail could be accessed. (nothing like showing the CEO everyone in the company had access to his e-mail when it's on an NFS-exported spool :) 2. We were allowed to eliminate ftp/telnet just about everywhere. 3. We generally increased the company's overall awareness of security issues. 4. We got people to realize that ssh/scp really is easier/ faster than telnet/ftp 5. We were relieved from general desktop maintenance responsability :) :) -- Seeya, Paul ---- It may look like I'm just sitting here doing nothing, but I'm really actively waiting for all my problems to go away. If you're not having fun, you're not doing it right! ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************