Date:      Mon, 7 Jan 2002 16:46:37 +0100
From:      Cliff Sarginson <cliff@raggedclown.net>
To:        FreeBSD-questions <FreeBSD-questions@FreeBSD.ORG>
Subject:   Re: FYI Re: Can I rename root?
Message-ID:  <20020107154637.GB3466@raggedclown.net>
In-Reply-To: <Pine.GSO.4.31.0201071459050.20828-100000@mail.ilrt.bris.ac.uk>
References:  <20020107143958.GA2968@raggedclown.net> <Pine.GSO.4.31.0201071459050.20828-100000@mail.ilrt.bris.ac.uk>

On Mon, Jan 07, 2002 at 03:05:24PM +0000, Jan Grant wrote:
> On Mon, 7 Jan 2002, Cliff Sarginson wrote:
> 
> > On Mon, Jan 07, 2002 at 03:07:45PM +0100, Roman Neuhauser wrote:
> > >     Truth is that telling someone to do or to avoid something, not
> > >     telling them why (giving an example), turns the advice into a dogma,
> > >     and I don't think that's very useful.
> 
> > Does it?
> 
> Yes; that's what "cargo-cult" sysadmin is all about.
> 
I have no idea what that expression means.

And to repeat, he was told why.
He just didn't believe it.
The experience of systems managers, systems programmers etc (a category
into which I fall) was not proof enough for him.
Hey, this is a voluntary mailing list, no-one is obliged to offer
"proof", but if people ask a question and don't believe the answers
experienced people give them, then there is not much point in
asking the question. In this case someone dug up a piece of code
that proved it to the satisfaction of the person asking the
question. Well, that is nice, someone did that. The fact that the
proof was a piece of "C" code that the asker probably did not understand
seems to be getting glossed over here.

A dogma is a belief, usually irrational, or without basis in reality.
So if an answer from someone with 20+ years of Systems Management
experience is regarded as dogma and ignored, well so be it.
The asker is a physicist, maybe he can prove to me that nothing
can travel faster than the speed of light without using equations
I probably will not understand. 

E=MC2, prove it to me.

> Slightly more on-topic: the notion of "root" is (very, very slowly)
> going away - see Trusted Solaris ferinstance. TrustedBSD is working on
> much the same kind of thing - "fine-grained system capabilities". FS
> ACLs might be a more obvious output of the project, but the notion is
> that instead of a single "superuser" account, core system admin roles
> may be split amongst accounts. Thus you would be able to have, say, a
> security event auditor who could review audit logs, but with little or
> no other privileges; and (in a simple scenario) a lower-powered "root"
> who could do everything else _except_ modify their audit trail.
> 
> This is, however, some time away from FreeBSD-STABLE (maybe in 5.0?*).
> 
Yes, and is an interesting development.
One that has been discussed, even worked on, for at least a decade as
far as I am aware but never seems to have surfaced. I know someone
who was working for British Telecom, of all the strange institutions*,
about 10-15 years ago looking into this.

* I say strange because in a security audit at BT some years ago the
auditor discovered that the systems manager(s) had written all the
key root passwords on a whiteboard in one of the offices.

But (and I am not being mean) this has nothing to do with what this thread
was discussing. But is much more interesting :)

Mmm. Counts as a new thread, so I didn't break my rules :)

-- 
Regards
Cliff


