Date: Thu, 1 Nov 2001 13:55:58 +0100 From: Stijn Hoop <stijn@win.tue.nl> To: Anthony Atkielski <anthony@atkielski.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Tiny starter configuration for FreeBSD Message-ID: <20011101135558.H70817@pcwin002.win.tue.nl> In-Reply-To: <009601c162cd$70da3190$0a00000a@atkielski.com>; from anthony@atkielski.com on Thu, Nov 01, 2001 at 01:04:56PM %2B0100 References: <005a01c161ed$a19933c0$1401a8c0@tedm.placo.com> <5.1.0.14.2.20011101165340.02192a40@pop.ozemail.com.au> <005301c162bd$59ac2740$0a00000a@atkielski.com> <006e01c162bf$8c5d87e0$0b64a8c0@becca> <006b01c162c4$c6597cb0$0a00000a@atkielski.com> <20011101224321.H35710@k7.mavetju.org> <009601c162cd$70da3190$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry to jump in on a thread that already has gone way off topic, but... On Thu, Nov 01, 2001 at 01:04:56PM +0100, Anthony Atkielski wrote: > For the local desktop, this is true, as it is rather like the system > console in UNIX. However, any number of people can be logged into the > system remotely, This functionality is not in the base OS as far as I know. > or as services (daemons). NT/2000 processes need not be > associated with a desktop or console, and it is possible to be logged in > without having a process assigned (persons using the http or other > services, for example). ?! *that's* a login? you mean you can actually log on to a Windows domain using http, using base OS functionality? *and* do something useful? > > Me myself I don't have problems with the one-person= > > who-can-do-anything principle because the seperation > > in groups is already built-in under Unix (how I see it): > > It's fine if only one person does all administration. It's a serious problem > when the system is administered by a team, particularly when team members are > dedicated to specific tasks only. Why does it work so well in practice then? I'd think we'd all gone to a 'better' model if there was one - tell you what, you can also grant privileges in *nix on another level than 'root/non-root' nowadays (think groups, sudo, countless other possibilities). > In NT/2000, you can divide administrative responsibility easily and securely > among any number of users and groups. And that's why we need to give all users administrator access because otherwise nobody can install any software? (yes, network shared programs are possible, and yes, this also has it's drawbacks - been there). > > For example we needed a group of people who could > > restart a name-daemon. One small script, owned by > > user root and group dnsadmin, permissions 4755: Only > > people who were in the group dnsadmin could do the task. > > But the script that does it must change its userid to accomplish the task, > because only root can do the deed. > > Under Windows, you can give permission to do the deed to a completely > separate userid or group, and this userid or group can > run scripts under its own identity to complete the task. There is never any > risk of the script being all-powerful, so even if it were corrupted or turned > away from its legitimate use, there would be very little risk of system > compromise. > > For example, in Windows, you can give a user(s) or group(s) permission just to > start a service (daemon), and nothing else. So they can write their own > script to do this, and the script still won't be able to change passwords or > do other special stuff, because it will never execute under an identity with > any other permissions. It's all possible - go read up on sudo(1) (yes things still run as root, but that's only because of the port < 1024 problem; and it's entirely possible to sandbox a named, it's even in base FreeBSD). > > Maybe your example wasn't well formulated and > > you want to do it again? > > If you work with NT, the limitations of UNIX are glaringly and painfully > obvious with respect to security. If you work with NT, you have to keep up with the numerous vulnerability patches, not to mention the resource runouts (oh, this server's been up a few weeks, no wonder it's 256M memory is full). I'd rather work with 'glaringly obvious limited security' that has proven itself for about 30 years already. > At the same time, the limitations of NT with respect > to remote use and administration are irritating in the extreme once you've > worked with UNIX. > > And if you've worked with Multics, both of these operating systems seem to be > lacking in security and flexibility--although few people miss the legendary > slowness of Multics, or some of its other failings. Never been there. But somehow I also wonder; if the concepts behind this system were so great, why weren't they reimplemented somewhere? > > Of course it can be that my examples weren't what > > you expected to be, but these are from my experiences > > as system administrator who had to walk between > > total user-anarchy vs system-security. > > You do what you can with UNIX, but it's very delicate and very easy to mess > up, Yep, that's UNIX for you - and the first real argument for someone to switch to an 'easier' OS, say Windows NT. > and some things are simply impossible entirely. I'd really love to know what things that would be. --Stijn -- Fictitious Country Song Title of the Week: "How Can I Miss You if You Won't Go Away?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011101135558.H70817>