Re: Of mice and men




In article <j1Lee.22809$3U.1152272@xxxxxxxxxxxxxxxxxxxxx>, Donald Tees <donald_tees@xxxxxxxxxxxx> writes:
> jce wrote:
> > "Donald Tees" <donald_tees@xxxxxxxxxxxx> wrote in message
> >
> >>It is an open OS, that runs as a client/server model, full fledged
> >>multi-user system ... unix at the command line, with enough security that
> >>logged in as a normal user, I cannot change even another user's data, let
> >>alone the OS software (as with a virus)
> >
> > This would depend on how well the sysadm (you or otherwise) and your users
> > maintained their environment no?
>
> No, not really. Security does *NOT* depend on my users at all. They are
> not given the choice. It is not "voluntary", any more than bank
> security is voluntary by the customers.

While it's true that ordinary (non-privileged) users in traditional
Unix environments can't simply disable all the security mechanisms,
the traditional Unix file security mechanism is Discretionary Access
Controls. That means that users *can* grant other users permissions
for filesystem objects they own.

Contrast that with a Mandatory Access Control system, where users do
not have that capability. (That's not the only, or even most important,
difference between DAC and MAC, but it's a difference.)

Where Unix has traditionally differed from (NT-derived) Windows is in
the initial security posture of a newly-installed system, and in
vendors' recommendations for user security behavior. (Versions of
Windows not derived from NT don't count - they're essentially single-
user systems with no real user security to speak of.)

Until recently, Windows made it very difficult to perform many tasks
if you were not logged in under an administrative account. That
meant that in practice many Windows users, including home users who
were generally not technically savvy, ran everything with elevated
permissions and the Windows security model - which, though imperfect,
isn't all that bad - was largely moot. Windows is still not great in
this regard, though steps such as the introduction of the "runas"
command and the ability of the newer software installers to
automatically prompt for credentials to increase their privilege help.
(On the other hand, Windows is still too dependent on elevated
privileges for tasks that shouldn't require them.)

Unix, on the other hand, has always encouraged performing normal work
under reduced privileges and only elevating privileges when required.
(The set-UID / set-GID mechanism is central to this design.) While
Unix's implementation of this model has certainly had its share of
problems, it does reduce the system's exposure to the foibles of
ordinary users. (On the other hand, traditional Unix's two-stage
permissions model - root and everyone else - is far too coarse; too
many programs need superuser authority for some minor task and end up
with far too much privilege.)

--
Michael Wojcik michael.wojcik@xxxxxxxxxxxxxx

Although he was an outsider, and excluded from their rites, they were
always particularly charming to him at this time; he and his household
received small courtesies and presents, just because he was outside.
-- E M Forster
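
The DAC point in the message above, shown as an added example that is not part of the original post: an unprivileged owner loosens the mode on a file they own, and an audit walk then finds it. The file names, the sample contents and the helper names `loosened_by_owner` and `demo` are constructed for illustration.

```python
import os
import stat
import tempfile


def loosened_by_owner(root):
    """Map each path under root that is writable by group or other
    to its symbolic mode string (symlinks are skipped)."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # link modes are not meaningful for access checks
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings[path] = stat.filemode(st.st_mode)
    return findings


def demo():
    """Create two owner-only files in a scratch directory, loosen one
    the way any owner can under DAC, and return what the audit reports."""
    with tempfile.TemporaryDirectory() as home:
        private = os.path.join(home, "notes.txt")   # constructed sample file
        shared = os.path.join(home, "ledger.txt")   # constructed sample file
        for path in (private, shared):
            with open(path, "w") as handle:
                handle.write("constructed sample data\n")
            os.chmod(path, 0o600)  # start owner-only

        # Discretionary access control: the owner needs no extra privilege
        # to grant write access to every other account on the system.
        os.chmod(shared, 0o666)

        found = loosened_by_owner(home)
        return {os.path.basename(p): mode for p, mode in found.items()}


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{mode} {name}")
```

Pointing `loosened_by_owner` at real home directories gives an administrator a periodic check for grants that users have made at their own discretion.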