Heather Madrone wrote:
At 03:29 PM 11/17/2002 -0500, William H. Magill wrote:

We're saying much of the same thing; however, this problem which you describe is not an OS or vendor level problem and not even an ACL problem. It's a programmer/admin attitude problem, exemplified by the constant stream of questions asking how to log in as root under OS X, or why they can't su to root anymore. It's a basic mentality; a way of thinking about the problem - issue.

I'm dyed with that mentality from head to toe; I like having a
root password in my pocket.  On personal systems, I always use
an account with full administrator privileges.  It seems silly
to have one account for me as a human being and another for me
as God.

You've never typed a wrong command?

In a corporate environment, I can certainly understand wanting
layers of protection, but, in many cases, the layers of
protection seem much more complicated than they need to be.
You can waste a lot of time if you have to wait for someone
with the right password to move a file or install a printer.
People, being people, almost invariably configure systems
like clearcase so that they are more trouble than they are
worth.

I think this is where the real distinction comes in. If we are talking about corporate environments that are a 30-person, single-office company that uses a 386 Linux system to run their laser printer, that is one thing (how many people could actually have access anyway?), but it is entirely different in a large company that is more focused on security and has to be, or in a college environment where you may have ten thousand or more students on a system, 10% of which are trying to see if they can crack root.


The concepts of distributed authority are simply foreign to the Unix (and Linux) community. And the problems are exacerbated by the fact that the traditional Unix System Administrator still expects to do everything as root. The vendors are just responding to customer demand -- or more accurately, the lack thereof -- for security features. Tru64 Unix (aka OSF/1 aka Digital Unix) has supported a C2 environment out-of-the-box since its first release back in about 1990. But is it used? No. The few who wanted "enhanced security" only wanted a "shadow password" file, because that's all that BSD and Sun offered. They were not interested in taking the time to learn the ins and outs of C2 because "we don't need that level of security."

Well, do they?  Are the reduced risks worth the increased
administrative costs?

Depends on what is at stake. Again, if it is a printer that won't be used for a couple of hours, who cares; if it is several billion dollars of transfers that won't happen for a day or two, then it is a real problem, and it is worth the extra admin costs to know that the only people dorking with your systems *should* know what they are doing, and even they may make mistakes occasionally.


I worked in hard and soft crash recovery systems for years. My job
was to be able to get database systems back online fast if someone
ran a forklift through the machine room. I spent my time devising
systems that wouldn't crash, and, when they did crash, would come
back up quickly without losing a scrap of data.

Aside from enterprise-critical database operations, most installations
didn't care. If their disks crashed, they could hire a bank of
secretaries to type their data back in.

This is the wrong logic to use. Why would anyone use a computer at all? I mean, why talk on the phone when someone could just meet in person? Why use a database when you could just hire a million secretaries to remember 10 phone numbers?

I can't imagine many Mac installations that justify the sorts of
protections you're suggesting.  Protect the servers, sure, but
don't wall the users off from their own systems so they have to
call ops in every time they insert a CD.


Not now, but in the future... Apple is trying to enter this space and, like I mentioned earlier, the higher education space.

Personally I keep my account with sudo shell access so that when I need to do something as root it is a conscious effort. And I will admit it has still come back to bite me on occasion.

Which brings me to a new point in the discussion: I am surprised no one has mentioned sudo. I like it as a method of control, that is, control what a user can do rather than what files they can and can't read/write. Obviously this requires knowledge about the relationships between the files and the applications, and allows for a different kind of access.

But then again I am biased; I come from the Linux side of things rather than windoze or classic Mac.

http://danconia.org
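
The sudo approach mentioned at the end of the message, applied to the thread's printer example, as an added sudoers fragment that is not part of the original post. The group names `admin` and `printops` are hypothetical, and the command paths are assumptions that vary by system.

```sudoers
# Constructed example; group names and paths are assumptions.

# Broad rule: members of admin may run any command as any user.
# This is "a root password in my pocket" with a sudo prefix:
# a conscious step, but no limit on what can be done.
%admin     ALL = (ALL) ALL

# Narrow rule: members of printops may add, remove and configure
# printers and cancel queued jobs as root, and nothing else.
# Nobody has to wait for the holder of the root password.
Cmnd_Alias PRINTING = /usr/sbin/lpadmin, /usr/bin/lprm
%printops  ALL = (root) PRINTING

# Record every sudo invocation so mistakes can be traced afterwards.
Defaults   logfile = /var/log/sudo.log
```

Edit the file with `visudo` so a syntax error cannot lock everyone out, and check a user's effective rights with `sudo -l`. Any command in the alias that can start a shell or write arbitrary files is equivalent to the broad rule, so each entry has to be reviewed for that.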
