Mail from ILUG-BOM list (Non-Digest Mode)

On Sat Jul 08, 2000 at 04:24:37PM +0530, Kiran Jonnalagadda wrote:
> Manas Garg wrote:
> > Hmmmm. It's interesting. But sudo man page clearly says that you can specify
> > not only the command name but also the arguments to that command and that
> 
> My biggest grouch with sudo is that it's an external program, not a
> transparent extension to the kernel's security framework. I can't recall

I don't really understand whether you want to talk about the security
model of the kernel or the security model embedded in the framework of all the
applications (that run on it) put together. sudo is external but a standard.
It'll be packaged with the base/core of the system (or at least it should be).
sudo is very clearly an extension to the kernel's security framework
implemented in user space. It may not be seamless but it does all that I'll
ever want to do.

> any example off the top of my head, but: given that most Linux apps have
> very standardized names and command line syntaxes, they're always
> referred to directly (unlike Windows where there's usually a registry
> key to indicate the program's name). Now what if you want to start a
> particular command with sudo?

sudo command :) I don't really think I could follow your point.

> You'll need to edit the script (god help you if it's big) and make a
> replacement. And if an upgrade later erases your changes, you'll have to
> do it again.

That's the reason people take backups. And if sudo file becomes big, there is
some problem in the way security is being implemented in the organization.

> How many administrators do you think are willing to go through this?

Nobody actually does! And a sysadmin who is fool enough to create a situation
like this, deserves to go through this!!

> sudo doesn't work at all again when you're using a large app, like
> Samba. I've been through the pain of configuring restricted access in
> samba and I was forced to stop at giving a particular set of users
> complete access to a shared folder, instead of specific ownerships.

Don't you think you can also come up with situations where sudo fits so
beautifully that you feel they were made for each other :). I am sure if I work
on Windows, I'll also be able to make a list of painful things in just 2 days.
(Can you use grep on log files in Windows?)

Probably, sudo can be modified to ease the kind of pain you had. But I don't
really think that the changes need to go down to the kernel. Calling the whole
security model of Linux improper just because you are not happy with sudo is
probably not the right thing. It's actually a multiuser OS (unlike that well
designed OS NT). Make NT a multiuser system and everybody will know .....

> > Matter of opinion. I have never faced this problem. By the way, security is
> > always painful. Don't you think so?
> 
> That's the point I'm fighting. Why must security be painful?  Why do we
> take pride in Linux being painful to the new user? What's wrong with
> building an easier interface?

I was not talking about security in Linux. I was talking about security in
general. Do you really believe that NT becomes secure just because you feel
it's secure now? One of my friends who knows NT very well (and by very well, I
do mean very well) says that making NT secure is not a joke (though it's not
impossible also). And I've every reason to believe what he says. Security is
not binary, it's contiguous. It's not something that you either have or you
don't have. It's less or it's more. Security is not something which
newcomers deal with. It's a job of experts and better left to them. And that's
true in NT paradigm also. Whosoever says that I have got this sysadmin who does
not know any damned thing in the world about computers but he can make NT
secure is fooling himself. Building easier interfaces is not wrong, but you
should not take powers away from the user. It's simple, this is my machine, I
own this, I want to know every damned thing that goes on inside it and I want
control over all those damned things.

I was also a newcomer. I also took a full day to learn how grep works (and
nobody told me that, it was just man pages). I never worked on Windows (well,
almost never). I have been through this pain. But that one day effort has saved
me so much time and energy and made so many things possible, I can't even
figure out.  By the way, GNOME and KDE are efforts in that direction only. But
I can't part with grep/vi/mutt/perl/|/> etc.

> Graphical interfaces don't need to be dumb. They're simply visual cues to
> what is possible.
> Take Borland's Delphi as an example of a graphical interface done right.  It
> Delphi is proof that good interfaces are possible. We do not need to look at
> Microsoft and Apple and decide that GUIs don't mix with flexibility and
> power.

I guess we were talking about security model and I don't know how Borland's
Delphi's interface fits into this.

> > But that is already there. No? Every user has one primary group and can
> > have multiple secondary groups. In fact, this is how CVS system in our
> > company works.
> 
> You didn't get it. I want groupA to have read-write permissions, groupB to
> have read-only permissions, and nothing for everyone else, for a particular
> file. How do I do that?

You don't really have to do everything that you want (or may want) to do. Human
mind can want anything. For example:

 A    B    C    D    E    F    G
rw-  r-x  r--  -w-  -wx  --x  rwx 
 
If A,B,C,D,E,F&G are different groups and this is how I want to give them
permissions on the file, how do I go about doing it :) The point is not whether
I can do this or not, the point is why you want to do this. For such problems,
sudo works pretty fine. It really does.

> > > So a particular file could have its standard owner and group, and
> > > another set of permissions for the "mailadmin" group, and no rights for
> > > anyone else.
> > 
> > What's wrong with adding mailadmin user to the so called standard group of
> > the file?
> 
> Doesn't always work. Some (fetchmail and procmail notably) insist that the
> group not have write permissions.

They will insist it even if you associate 100s of extra groups with a file.
It's the model which these programs have chosen to work with.

As I mentioned earlier, I can also list 50 such limitations in the way things
work in NT in 2 days.

> > Having said all this, I do admit that part of what you have said is
> > right but I don't really think that it had to come out as an outburst of
> > such strong feelings.
> 
> My issue is with people here starting to feel that Linux is as good as
> anything gets and that everyone else needs to get up to speed now.  That's a
> dangerous state of mind. It encourages stagnation.

Ok. Linux can do a lot of things (more than many can think of) but it can't do
*everything*. Also, it's damn good at most of the things but it's not the best
at everything. But again we were talking about the improperness in the security
model of Linux and after one full day, I still don't have a reason to believe
that its security model is improper! (I apologise I am really slow at grasping
things :)

        --manas
_______________________________________________
Website: http://www.ilug-bom.org.in/ilug
Linuxers mailing list
http://ilug-bom.org.in/mailman/listinfo/linuxers