On file permissions system limitations
Subject: Linux security (was Re: [ILUG-BOM] ZDNET Article)
Date: Fri, 07 Jul 2000 18:40:36 +0530
"Nagarjuna G." wrote:
> > Linux doesn't even have a proper security model!
> >
>
> While I managed to read between the lines of all that you wrote, this
> one failed to make sense. Can you explain?
Just pointing out that the user/group/other security model is too simplistic and that too many administrative tasks are handled by just one root account.

Suppose my server is an e-mail server among other things, and I want to assign all e-mail related management to another person. How do I do this? Among the various things I need to do are:

1) Give access to the useradd/del/foo commands.
2) Give access to sendmail/qmail's configuration files.
3) Give access to every user's .forward/.qmail files.

How do I go about doing this? qmail's configuration files are particularly painful since they're all owned by different users, and can only be modified by that user or root. qmail will complain very loudly if I change ownership on any of the files. Remember I can't make them world-writable. I want to give access to only one person.

sudo helps to a large extent, but has its limitations. How do I specify that the user can run one command on this particular file, but nothing else? I could put that in a shell script and give him permissions to it, but that's a rather messy way to do it.

Bottom line: Flexible security is possible, but is so painful most administrators would rather handle everything themselves or trust the sub-admin with more powers than needed.

Only a simple modification to the permission system is needed to make flexible security really easy: make it possible to have multiple groups. So a particular file could have its standard owner and group, and another set of permissions for the "mailadmin" group, and no rights for anyone else. If I understand correctly, this is how Windows NT does permissions. Microsoft's implementations are suspect, but you'll have to give it to them for good designs.

The Linux ACL project is doing something similar. They have preliminary results in the 2.2 kernel series, but I haven't seen anybody implementing it yet. This will hopefully improve in the 2.4 series.
--
Kiran Jonnalagadda
http://lunateks.com
baby.sh: while true; do echo "^G^G^G^G^G"; sed -e 's/food/poop/'; sync; sync; sleep 15; done
Last modified
2006-05-13 01:53
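
Added example, not part of the original post: a small Python model of the access check that POSIX.1e-style ACLs use (the algorithm documented in acl(5)), applied to the "mailadmin" case the message describes. The uids, gids and the control file entry are constructed for illustration and are not taken from any real qmail installation.

```python
# Model of the POSIX.1e-style ACL access check as documented in acl(5).
# All uids, gids and ACL entries below are constructed for illustration.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class Acl:
    owner: int                 # uid of the file owner
    group: int                 # gid of the owning group
    user_obj: int              # permissions for the owner
    group_obj: int             # permissions for the owning group
    other: int                 # permissions for everyone else
    users: dict = field(default_factory=dict)   # named users: uid -> perms
    groups: dict = field(default_factory=dict)  # named groups: gid -> perms
    mask: int = R | W | X      # upper bound for everything but owner/other

def allowed(acl, uid, gids, want):
    """Return True if a process (uid, set of gids) gets every bit in `want`."""
    if uid == acl.owner:
        return acl.user_obj & want == want
    if uid in acl.users:
        return acl.users[uid] & acl.mask & want == want
    # Group class: the owning group plus every named group the process is in.
    matching = [acl.groups[g] for g in gids if g in acl.groups]
    if acl.group in gids:
        matching.append(acl.group_obj)
    if matching:
        # Any one matching entry may grant access; if none does, access is
        # denied without falling through to "other".
        return any(p & acl.mask & want == want for p in matching)
    return acl.other & want == want

# Scenario from the post: the file keeps its owner and owning group, a named
# "mailadmin" group gets read/write, and everyone else gets nothing.
ALIAS_UID, QMAIL_GID, MAILADMIN_GID = 7790, 2108, 3000   # constructed ids
SUBADMIN = (1001, {100, MAILADMIN_GID})   # delegated mail administrator
BYSTANDER = (1002, {100})                 # ordinary user

control_file = Acl(owner=ALIAS_UID, group=QMAIL_GID,
                   user_obj=R | W, group_obj=R, other=0,
                   groups={MAILADMIN_GID: R | W}, mask=R | W)

def demo():
    return {
        "subadmin_write": allowed(control_file, *SUBADMIN, W),
        "bystander_read": allowed(control_file, *BYSTANDER, R),
        "owner_write": allowed(control_file, ALIAS_UID, {QMAIL_GID}, W),
    }

if __name__ == "__main__":
    print(demo())
```

The mask entry is the part administrators most often overlook: lowering it to read-only removes the named group's write access even though the group's own entry still says read/write.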
