[mdlug] A big opportunity for Linux?
Aaron Kulkis
akulkis3 at hotpop.com
Thu Nov 22 23:06:54 EST 2007
Adam Tauno Williams wrote:
>> In actual practice in the workplace, I've never seen
>> u/g/o rwx to be insufficient for that sort of task.
>
> Wow, and how many groups do you have defined on your system?
>
In actual practice, the number of groups needed
is quite small. Even for an organization as big as
General Motors, the number of non-admin groups
is in the range of a few dozen.
>> I suppose the CIA would be an exception...but that's a VERY
>> special exception.
>> Even in the combat environment of Baghdad, ACLs are an
>> extremely heavy-handed way of solving the problem (and
>> in many ways, even clumsier than u/g/o rwx).
>
> Clumsier than u/g/o? That's just crazy, u/g/o is what is awkward and
> arbitrary. It is a clear vestige of a time when flexible security
> wasn't an issue.
Yes, MUCH clumsier than chowning a file to the proper group.
Especially when individual USERS rotate in and out of
theater, and are even killed unexpectedly, a properly
used group mechanism is much better.
Unfortunately, Windows doesn't even offer this simple,
effective methodology. The use of ACL's cause me no
end of administrative headaches when I was in Baghdad.
There were times when I was called away from urgent
vehicle communications systems repairs to provide
access to files because, frankly, in practice, users
aren't all that brighht -- they thinkg "A, B, and C"
need access to this file, and don't even consider
what happens when A is on leave, B is off-post on
a mission, and C is also unavailable for whatever
reason (on a mission, wounded and demobilized, etc).
Or then SFC B is requested to work at battalion
headquarters, so now SFC D is the new operations
sergeant, and he needs to be included in the ACLs
for every file that SFC B had access to...
And with M$'s pathetic tools (i.e. basically, NONE),
it just made the whole experience that much worse.
>
> I'm sorry your user's can grasp "permissions". Even my salespeople
Oh, they understood permissions. The problem is, it
> intuitively understand permissions - "that how I can keep that other guy
> from diddling with my accounts!"
I've yet to meet anyone who had difficulty
understanding ANY permission system ... the problem
is what how flexible is the permission system.
ACL's are extremely brittle, and other than places
where Top Secret, Compartmentalized Information rules
are needed, they're an utter pain in the rear to
both admins and users.
Most users would rather just specify that a certain
administrator-maintained list of people be allowed
to look at a file...because they tend to make files
useable by the same GROUPS of people over and over.
The last thing they want to do is have to update
ACL's for large numbers of files, just because one
new person is now supposed to have access to all
of the files, or conversely, the person has moved
on and you don't want that login ID having access
to those files any more.
It's just plain simpler for an admin to edit a
group, say "intel" or "cocdrs" or "bncdrs"
or "125INF" (for, respectively, intelligence,
company commanders, battalion commanders, and
members of 125th infantry).... and when a new
unit comes in, to just re-name the group (say,
from 125INF to 37MP) and update its membership
than to play a never ending ACL administration
game.
I can see ACL's as a good AUGMENTATION of u/g/o,
but it's as a stand-alone security model.
More information about the mdlug
mailing list