On Fri, Dec 21, 2001 at 02:46:55PM +0000, Jonathan Peterson wrote: > Chris Benson wrote: > > But surely this discussion is pointless since everyone logs in as > > Administrator[*1] and leaves the permissions as they are, don't they. > Nix and NT share this trait. There are a number of common tasks that > should be do-able as a user but you actually have to be root/admin to do > them.
Such as? Mounting CDs and floppies? the automounter does it setting up a PPP connection? your sysasdmin should have configured the appropriate setuid root stuff Installing software? if you can't install it in your home directory, then a user has no business trying to install it I use a Solaris machine as my desktop at work. I don't have root. I rarely need root. When I do it is to do things like install extra software for testing, or so I can do networky things. Every single one of those cases is legitimate development work, and I do it on a dev server where the admins will do that for me. Even on my own personal Linux desktop, where I do have root, I have used that capability [looks at logs] just once in the last 24 hours*. Today is not unusual. > Then people get into the habit of (for instance) always installing > new software as root/admin rather than checking to see what permissions > are _actually_ required. That's a people problem, not an OS problem. But on Windows this is more likely to be required. > However, in file sharing situations, Unix's (default?) permission system > is utterly useless, and not nearly fine grained enough to cope with real > requirements in large offices. Same as NT. Having a PDC and BDC and domain accounts is most definitely not the default, and it's a bugger to administer too by all accounts. On 'nix we have NIS to do that job, and whilst it's a bugger to set up properly and securely (some would argue that it *can't* be set up securely**) it is at least easy to administer once it has been. * - sudo apt-get update; sudo apt-get upgrade ** - I say that it depends how secure you need to be. It can certainly be secure enough for us to use at work for well over a hundred users, with probably the worst user demographic possible from a security PoV. -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david The Americans will always do the right thing... after they've exhausted all the alternatives. -- Winston Churchill
