On Sat, Feb 15, 2003 at 11:58:52AM +0200, Buchan Milne wrote: > On 14 Feb 2003, James Sparenberg wrote: > > > Richard, > > > > In order to test what you say I tried what you are doing with msec > > (yes I know the risks but on this box msec makes doing what I have to do > > for testing and development impossible.) I knew that drakxtools had an > > update so I wanted to see what would happen. > > Sorry to jump in here, but please don't make statements like this as fact. > msec doesn't make things impossible, it only enforces what you have told > it to enforce. Either change security levels or configure it. It may take > a few minutes to setup and a little more discipline, but don't blame msec > ... it is a great tool if you spend a little time on it. Use drakperm and > drakesec to customise. >
msec is a nice tool - for sys admins. For the average user it's nothing more than a pain in the ass. My kids want to create videos, not mess with config scripts. And they shouldn't have to - but with msec installed one of them needed to learn enough to tell msec to stop disabling access to firewire devices so they could use dvgrab and kino. By default it only let "root" use those tools (a stupid default, I know, but a great example of why msec sucks). Their first attempts to change things were undone by msec - even though the changes were made as "root". A definite BAD THING. There should be NO, NONE, ZIP, ZILCH, ZERO, operations performed by "default" that override "root" actions. If "root" does something stupid, "root" should pay the price. The default tools' config should NOT second-guess. At MOST they should issue warnings or mails. Personally, I think msec requires too much education of users to be of any value as a default tool. Not being a sys admin I have no idea if it helps them in any way ( I write software - I rarely use it :) (I hope the reason for quoting of "root" is self-evident. :) -- Murray J. Root
