Lonnie Cumberland wrote:

>Well, I was just thinking back to the days of Novell and seem to remember that
>when a user logged in, they were mapped into their own user space and generally
>did not have access to other areas.
>
Well the days of Novell are not over yet. This OS still works in many 
places and performs marvelously the task it is meant for. Besides, today 
one can easily use it from a Linux box. At least Mandrake 8 cost me 
less than 10 minutes to connect to our Novell 5 server. Btw, I think 
Mandrake people could help those in need to connect to a Novell server. 
All that is needed is to load the ipx module and make a small script where:

ipx_configure --auto_primary on --auto_interface on
ncpmount -S YOURSERVER -U user.context.context /mountpoint

In some cases there is the need to forcefully specify the interface. 
This seems true for cases when your machine is not in the same LAN 
segment of the file server:

ipx_interface add -p eth0 802.2

In most cases it is better to specify the server you wanna connect to. 
And obligatory to write your user name in full, context included. Ex. 
john.finances.acme.usa
Et voila. Transfer speeds look worse on Linux but not much. In many 
cases they are acceptable.

Now turning the theme to another aspect. Lonnie, don't mess a 
_file_server_ with an application server. The philosophy behind Novell 
is a great one. But that's for file servers. In most cases, Novell is 
meant just for centralized massive storage with high performance 
transfers. For users, there is nothing to do there, except store and 
retrieve files. And most apps in a Novell server are for administrative 
purposes only.

Now UNIX is an application server system. Yes, today we use it as a 
desktop workhorse but even the user-friendly Mandrake still lives in the 
app-server world. And that's why we have mega-folders like /usr/bin and 
/usr/share or /usr/lib. Because applications are meant for general and 
broad use. This is good and bad.

The good is that this is more economical than the Windows clobbering 
system. Yes, Windows had a good idea to divide apps on different 
folders. However it does not differ things on executables, libraries, 
documents or data. In result, you may feel that Windows is more 
organized than Linux but in fact you are getting doubling libraries, 
conflicts on installs, and a mess where God knows where that 
super-needed *.zzz file went to. Unix and Linux make the other way. They 
rarely divide applications from each other. However all gurus, 
penguins and demons do hate to see a shared library in the wrong place. 
Or a program lying on some /opt/apt/ept/bin/sbin. There is a standard 
and the *NIX world does love it. This manages to make installs, upgrades 
and use much easier.

The bad thing is that you get some super-mega directories to 
administrate. For the eye, it is a hell to look around more than 1500 
files (right now I have 2111 in /usr/bin). If there is a task to 
restrict certain apps to different classes of users, then one may have a 
serious problem here. There are some solutions for this like using 
/usr/local or /opt. Well, /usr/local was made for such a thing. However, 
this can be used only in cases when you have three classes of users - 
administrative, advanced users and the not so advanced aka local users. 
That was the primordial idea of the Unix file hierarchy. Well, in most 
cases, such hierarchy is quite useful. But there are always exceptions 
that spoil the picture. I have seen situations where there is a need to 
make a division of users in 5 classes with a complex mix of rights. In 
the Windows world, one can achieve such divisions by the use of such tools 
as Novell ZenWorks and Novell NDS. On Unix/Linux, the task may be 
achievable, but it demands some good expertise and it will not be easy 
to administrate.

Well, it is a pity that Novell is mostly a demand-money corporation 
(they even started to charge their Novell 6Beta). So it is hard to 
predict that we will one day see NDSes or ZenWorkes in use here. But 
there is a light in the tunnel. First, it is the appearance of Ganymede, 
finally on version 1.0. This tool pretends to fill the gap of not 
having a free NDS system on *NIXes. It is still a far step away from NDS 
but I believe that it is already worth a use. Second, we are seeing the 
emergence of a true access control system on Linux. I hate partisan 
discussions, so I will mention several tools that I believe are worth a 
great future, sorry if I forget some other great ones: RSBAC, SELinux, 
LOMAC, LIDS, ACL for Linux. Some are still in the forge, others are 
already pretty workable. None of them may claim a universal answer "for 
anything, for everything". In fact, all these and other admin tools, 
like atsar, have a "red corner" where they will shine. For example RSBAC 
may be useful to administer some large networks of workstations, the 
fascist SELinux looks good for server administration, while LOMAC or 
LIDS may hit the stars on notebooks or administrative stations. And even 
such things like the simplistic ACL may be of great help for the general 
user, who doesn't want to break his head on rulesets and loggings. Well 
this may sound too much but I believe that having 30 different races of 
penguins is much better than having 30,000,000 emperor penguins marching 
in square formation and goose step...

Meanwhile a problem does remain. Having a mega-hyper-super folder like 
/usr/bin will not be practical for cases when you want to divide users 
in more than two-three classes. Well, one may do it "by hand". But what 
if you are dealing with a mega-large corporate network? A set of an 
internal policy may not be an optimal solution, as you probably are not 
Lord Brittanic and the corporation probably works with thousands of 
users and several companies. Here, I do think that a broad standard 
policy should be implemented.

Ektanoor       

>
>
[...]

>
>
>
>
>----
>Lonnie Cumberland
>OutStep Technologies Incorporated
>
>URL: http://www.outstep.com
>EMAIL: [EMAIL PROTECTED]
>     : [EMAIL PROTECTED]
>
>
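
Added example, not part of the original message and not Ektanoor's code: a small planner for the problem described above, several user classes sharing one directory of binaries. It shows where the single group slot of the classic mode bits is enough and where POSIX ACL entries (setfacl) are needed. The class names, application names and the sample policy are constructed for illustration.

```python
# Added illustration: plan per-class execute rights for binaries in a shared
# directory. Class names, app names and the policy are constructed samples.
import shlex

# Constructed sample: application -> user classes (Unix groups) allowed to run it.
SAMPLE_POLICY = {
    "payroll": {"finance"},
    "cad": {"engineering", "interns"},
    "backup-tool": {"admins"},
    "reportgen": {"finance", "managers", "engineering"},
    "diskwipe": set(),  # nobody but root
}

def plan(policy, bindir="/usr/bin"):
    """Return (commands, extra_groups) for the given policy.

    commands: shell commands (chgrp/chmod/setfacl) to apply, in order.
    extra_groups: combined groups that would have to be created and kept in
    sync if only owner/group/other mode bits were available (no ACLs).
    """
    commands, extra_groups = [], set()
    for app in sorted(policy):
        classes = sorted(policy[app])
        path = shlex.quote(f"{bindir}/{app}")
        if len(classes) == 1:
            # One class: the file's single group slot is enough.
            commands.append(f"chgrp {shlex.quote(classes[0])} {path}")
            commands.append(f"chmod 750 {path}")
            continue
        # Zero or several classes: close the file to "other" first,
        # then grant each class its own ACL entry.
        commands.append(f"chgrp root {path}")
        commands.append(f"chmod 750 {path}")
        for cls in classes:
            commands.append(f"setfacl -m g:{shlex.quote(cls)}:r-x {path}")
        if classes:
            extra_groups.add("+".join(classes))
    return commands, extra_groups

if __name__ == "__main__":
    cmds, extra = plan(SAMPLE_POLICY)
    print("\n".join(cmds))
    print("combined groups needed without ACLs:", sorted(extra))
```

The commands are only printed, so the plan can be reviewed before anything is applied as root; the filesystem must be mounted with ACL support for the setfacl lines to work.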



