
On sudo and UI design

Subject: Linux security (was Re: [ILUG-BOM] ZDNET Article)
Date: Sat, 08 Jul 2000 16:24:37 +0530

Manas Garg wrote:

> Hmmmm. It's interesting. But sudo man page clearly says that you can specify
> not only the command name but also the arguments to that command and that too
> with shell wild chars. Now, I can easily put this line in sudo (or something
> similar) ..
>
> mailadmin ALL=/bin/vi .forward
>
> This line does not let mailadmin edit all the files using vi. Just .forward
> owned by anybody.

My biggest grouch with sudo is that it's an external program, not a transparent extension to the kernel's security framework. I can't recall any example off the top of my head, but: given that most Linux apps have very standardized names and command line syntaxes, they're always referred to directly (unlike Windows where there's usually a registry key to indicate the program's name). Now what if you want to start a particular command with sudo? You'll need to edit the script (god help you if it's big) and make a replacement. And if an upgrade later erases your changes, you'll have to do it again. How many administrators do you think are willing to go through this?

sudo doesn't work at all again when you're using a large app, like Samba. I've been through the pain of configuring restricted access in samba and I was forced to stop at giving a particular set of users complete access to a shared folder, instead of specific ownerships.

> Matter of opinion. I have never faced this problem. By the way, security is
> always painful. Don't you think so?

That's the point I'm fighting. Why must security be painful? Why do we take pride in Linux being painful to the new user? What's wrong with building an easier interface? Graphical interfaces don't need to be dumb. They're simply visual cues to what is possible.

Take Borland's Delphi as an example of a graphical interface done right. It provided excellent interaction between graphical editor and code editor. Delphi was mostly OO classes and part code-generator, but unlike the stupid wizards that Microsoft provides, Delphi's code generator was interactive. Use the graphical editor to modify something, and the code alongside changes appropriately. Even if you've modified it from what was originally generated. And you could still choose to ignore the graphical components and write all the code yourself, down to the GUI code. Delphi was the most powerful development environment I've ever used. Back in 1.0 in 1995 it was good enough to skin the hide off VB today. Borland lost the marketing war though.

Delphi is proof that good interfaces are possible. We do not need to look at Microsoft and Apple and decide that GUIs don't mix with flexibility and power.

> But that is already there. No? Every user has one primary group and can have
> multiple secondary group. In fact, this is how CVS system in our company works.

You didn't get it. I want groupA to have read-write permissions, groupB to have read-only permissions, and nothing for everyone else, for a particular file. How do I do that?

>
> > So a particular file could have its standard owner and group, and
> > another set of permissions for the "mailadmin" group, and no rights for
> > anyone else.
>
> What's wrong with adding mailadmin user to the so called standard group of the
> file.

Doesn't always work. Some (fetchmail and procmail notably) insist that the group not have write permissions.

> Having said all this, I do admit that part of what you have said is right
> but I don't really think that it had to come out as an outburst of such strong
> feelings.

My issue is with people here starting to feel that Linux is as good as anything gets and that everyone else needs to get up to speed now. That's a dangerous state of mind. It encourages stagnation.

--
Kiran Jonnalagadda
http://lunateks.com
baby.sh: while true; do echo "^G^G^G^G^G"; sed -e 's/food/poop/'; sync; sync; sleep 15; done
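
The permission model asked for in the message above (read-write for groupA, read-only for groupB, nothing for everyone else) is what POSIX.1e-style access control lists express. The following is an added example, not part of the original message: a Python model of the ACL access check, where the owner and user names are constructed and the `setfacl` line in the comment assumes a filesystem with ACL support.

```python
# Added example: a model of the POSIX.1e ACL access check, not code from the post.
# Owner and user names are constructed; groupA/groupB are the groups from the post.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: int                 # permissions of the owning user
    group_obj: int                # permissions of the owning group
    other: int                    # permissions of everyone else
    users: dict = field(default_factory=dict)    # named user entries
    groups: dict = field(default_factory=dict)   # named group entries
    mask: int = R | W | X         # upper bound for named entries and group_obj

def allowed(acl, user, user_groups, want):
    """Return True if `user` (member of `user_groups`) may do `want` (R/W/X bits)."""
    if user == acl.owner:
        return acl.user_obj & want == want
    if user in acl.users:
        return acl.users[user] & acl.mask & want == want
    # Group class: the owning group plus every named group the user belongs to.
    matching = [acl.groups[g] for g in user_groups if g in acl.groups]
    if acl.group in user_groups:
        matching.append(acl.group_obj)
    if matching:
        # One matching entry must grant everything asked for; there is no
        # fall-through to "other" once any group entry has matched.
        return any(p & acl.mask & want == want for p in matching)
    return acl.other & want == want

# Constructed policy: owner rw, groupA rw, groupB r, nothing for anyone else.
# Roughly what `setfacl -m g:groupA:rw-,g:groupB:r--,o::--- FILE` expresses.
FORWARD = Acl(owner="owner1", group="owner1", user_obj=R | W, group_obj=0,
              other=0, groups={"groupA": R | W, "groupB": R})

def demo():
    return {
        "groupA write": allowed(FORWARD, "asha", {"groupA"}, W),
        "groupB read": allowed(FORWARD, "ravi", {"groupB"}, R),
        "groupB write": allowed(FORWARD, "ravi", {"groupB"}, W),
        "outsider read": allowed(FORWARD, "eve", {"users"}, R),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'allow' if ok else 'deny'}")
```
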
Last modified 2006-05-13 01:53