In a message dated: Sun, 07 Jul 2002 22:54:46 EDT
[EMAIL PROTECTED] said:
> I find your stance rather hypocritical,
In what way? All I'm saying is that a user should be able to run
Linux on their desktop especially if they're willing to do so "on
their dime" so to speak. In other words, if I'm not requesting any
assistance from corp IT, I'm not making any trouble, and I'm not
breaking any rules (other than the "we run windows" mandate),
where's the harm? Especially if it increases my productivity!
>given the involved and heated debate that once went on in this very
>forum with regard to whether or not users should have root access to
>their workstations, with you weighing in quite stringently on the "no"
>side. :)
Totally different scenario. At the time, we were discussing users
who:
1. were accessing centrally controlled file
systems with root priviledges
2. had the ability to su to root, then su to other
users and access data they should not have access
to.
3. did not have a need for root access on their desktop
systems.
4. could easily accomplish their work without root access
to the desktop system which also had access to the
centrally located corporate file systems.
(IOW, their work did not require access to NFS file
systems, but might have required root priviledges, which
could have been granted on a separate machine, via
VMWare, or using sudo.)
I'm saying that a user should be able to use Linux as their Desktop
OS. Sure, using Linux may present some of the same security concerns
we were attempting to address by disallowing root on the desktop.
However, there are some differences:
1. In a sight using Windows, how concerned with security are
they really?
2. SMB may not be the greatest, but it at least has user
level authentication, which is something NFS does not.
> What it basically boiled down to was that corporate IT staff has to
>support and maintain corporate IT systems -- including all production
>networks and computers that connect to them -- and, in such an enviornment,
>with IT staff rightly being held accountable for it all, the IT staff should
>have every right to insist you run things "their way". Now that "their way"
>and "your way" are not mutually inclusive, you suddenly change your tune.
I'm NOT TALKING ABOUT CORPORATE IT SYSTEMS. A Desktop is not a
"Corporate IT system", at least IMO. A Corporate IT system is
something a.k.a. a server, something which is a central resource to
the company or organization as a whole. A desktop is just that, one
individual's system which, if taken offline indefinitely, would pose
no threat to the environment at all (at least, it shouldn't).
> Don't give me the "I'm more productive on Unix" line, either. :) The
>productivity argument was put forward during the "root access" debate, and
>your position was that reliable corproate operations trumped that, even in
>cases where root access was not just a matter of productivity, but being
>able to do your job at all. Your position was that, if root access was well
>and truly required, a special lab enviornment, carefully isolated from the
>production enviornment, was the only acceptable approach.
And I still maintain that argument. But that doesn't negate that I,
and many others are more productive on a UNIX-based OS. There is a
huge difference between me running Linux on my PC to perform the same
basic functions (i.e. web surfing, e-mail, document creation, etc.)
and someone having root access to a desktop in an all UNIX
environment on their desktop, that will, by design, also allow them
to impersonate other users and allow them access to data they
shouldn't have access to. One is a question of security, the other
is of productivity. And yes, often times these two concepts are
mutually exclusive or at the least, inversely proportional. However,
I, as a user, am not compromising anyone's security by using Linux in
an otherwise all-Windows world. In that case, there's little I can
do that I couldn't also do using Windows anyway!
> So, Paul, I'm curious: Is there a real difference here, or is it just that
>you were getting your way before, and in this semi-hypothetical situation,
>you're not? :-)
No, I believe there is HUGE difference! And it has nothing to do
with me not getting my way. I'm running Linux on my system, I'm
happy :) Previously, with the desktop-root-access situation, we
"lost" in the sense that people maintained their root access,
however, we won in many other senses:
1. We were allowed to significantly tighten security
once we showed mgmt how easily their e-mail could be
accessed. (nothing like showing the CEO everyone in the
company had access to his e-mail when it's on an
NFS-exported spool :)
2. We were allowed to eliminate ftp/telnet just about
everywhere.
3. We generally increased the company's overall awareness of
security issues.
4. We got people to realize that ssh/scp really is easier/
faster than telnet/ftp
5. We were relieved from general desktop maintenance
responsability :) :)
--
Seeya,
Paul
----
It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
If you're not having fun, you're not doing it right!
*****************************************************************
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*****************************************************************
