I didn't notice we changed the reply-to header and replied only to Virgil directly.
Forwarding to the list.

--MonMotha

-------- Original Message --------
Subject: Re: [luau] Group Policies for Linux
Date: Sat, 12 Apr 2003 14:34:19 -0500
From: MonMotha <[EMAIL PROTECTED]>
To: Virgil <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>

Virgil wrote:
> Hi all,
>
> Sorry, I'm new to this and it might sound like a crazy question. Does Linux have anything to do with Group Policies (GPO)? If not, is there anything similar on Linux that uses or has GPOs? Is this a core technology of Active Directory in Win2000 only?
>
> Thanks,
> Virgil
Linux/UNIX's policy system can't really be compared directly to Win2k/Novell (which are both similar). Win2k/Novell uses a trustee model, where one or more users are directly specified as trustees of an object. Users can also be members of groups. Arbitrary numbers of users and groups can be specified, each with different permissions. This has the advantage of being very flexible, but it does consume a large amount of metadata and can be a headache for sysadmins trying to figure out which permissions will be given to a particular user/group, as permissions can also be inherited, or granted from multiple group memberships.

Linux/UNIX use a model where each object (file, device node, fifo, etc.) has a single "owner" uid, a single gid, and then permissions for everyone else not specified already. There are three permission bits (WinNT has at least 6, Novell NDS much more): read, write, and execute (for the record, there are some other more exotic ones, such as the setuid bit, setgid bit, and the sticky bit...other than on directories, these have little effect on access, only how things are executed). Each of these three bits can be assigned to the user/owner, group, and others.

This is actually a lot more flexible than it sounds, though it can require a fair amount of management of group members (man groupadd, man groupdel, and also see /etc/group). On the plus side, permissions are not inherited (with such a simple system it makes no sense to do so), making it a bit easier for admins to see who has what "rights" (to use an NDS/WinNT term).

Hope this helps.

--MonMotha
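The owner/group/other model described in the message above, as an added example that is not part of the original post: it resolves which single permission class applies to a caller and shows that classes do not accumulate the way trustee grants from multiple groups do. The uids, gids, file labels and modes are constructed sample values, and the sketch assumes no root override, capabilities or POSIX ACLs.

```python
import stat

def select_class(owner_uid, owner_gid, uid, gids):
    """Pick the single permission class that applies; classes never combine."""
    if uid == owner_uid:
        return "user"
    if owner_gid in gids:
        return "group"
    return "other"

def effective_access(mode, owner_uid, owner_gid, uid, gids):
    """Return (class, 'rwx' string) for a caller under the classic mode check.

    Assumptions of this sketch: no root override, no capabilities, no ACLs.
    """
    cls = select_class(owner_uid, owner_gid, uid, gids)
    shift = {"user": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    text = "".join(c if bits & f else "-" for c, f in (("r", 4), ("w", 2), ("x", 1)))
    return cls, text

def special_bits(mode):
    """Name the setuid, setgid and sticky bits set in a mode."""
    table = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))
    return [name for flag, name in table if mode & flag]

# Constructed sample: (label, mode, owner uid, owner gid); not real files.
SAMPLES = [
    ("report.txt", 0o640, 1000, 50),
    ("odd.txt", 0o074, 1000, 50),   # owner has fewer rights than the group
    ("shared_tmp", 0o1777, 0, 0),
]
# Constructed callers: (name, uid, set of gids the user belongs to).
CALLERS = [("owner", 1000, {50}), ("teammate", 1001, {50, 100}), ("stranger", 1002, {100})]

if __name__ == "__main__":
    for label, mode, o_uid, o_gid in SAMPLES:
        print(label, stat.filemode(mode), special_bits(mode))
        for name, uid, gids in CALLERS:
            print("   ", name, *effective_access(mode, o_uid, o_gid, uid, gids))
```

The `odd.txt` case is the one worth auditing for: the owner matches the user class first and gets no access, even though the owner is also a member of the group that has full access.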
