At 03:29 PM 11/17/2002 -0500, William H. Magill wrote:
>We're saying much of the same thing, however, this problem which you
>describe is not an OS or vendor level problem and not even an ACL problem.
>It's a programmer/admin attitude problem, exemplified by the constant stream
>of questions asking how to login as root under OS X, or why they can't su to
>root anymore. It's a basic mentality; a way of thinking about the problem -
>issue.

I'm dyed with that mentality from head to toe; I like having a root password in my pocket. On personal systems, I always use an account with full administrator privileges. It seems silly to have one account for me as a human being and another for me as God.

In a corporate environment, I can certainly understand wanting layers of protection, but, in many cases, the layers of protection seem much more complicated than they need to be. You can waste a lot of time if you have to wait for someone with the right password to move a file or install a printer. People, being people, almost invariably configure systems like clearcase so that they are more trouble than they are worth.

>The concepts of distributed authority are simply foreign to the Unix (and
>Linux) community. And the problems are acerbated by the fact that the
>traditional Unix System Administrator still expects to do everything as
>root. The vendors are just responding to customer demand -- or more
>accurately, the lack thereof -- for security features. Tru64 Unix (aka OSF/1
>aka Digital Unix) has supported a C2 environment out-of-the-box since its
>first release back in about 1990. But is it used? No. The few who wanted
>"enhanced security" only wanted a "shadow password" file, because that's all
>that BSD and Sun offered. They were not interested in taking the time to
>learn the ins and outs of C2 because "we don't need that level of security."

Well, do they? Are the reduced risks worth the increased administrative costs?

I worked in hard and soft crash recovery systems for years. My job was to be able to get database systems back online fast if someone ran a forklift through the machine room. I spent my time devising systems that wouldn't crash, and, when they did crash, would come back up quickly without losing a scrap of data. Aside from enterprise-critical database operations, most installations didn't care. If their disks crashed, they could hire a bank of secretaries to type their data back in.

I can't imagine many Mac installations that justify the sorts of protections you're suggesting. Protect the servers, sure, but don't wall the users off from their own systems so they have to call ops in every time they insert a CD.

Heather Madrone ([EMAIL PROTECTED])
http://www.madrone.com
Reality: deeper than I dreamed.