Another thing is that I really think that for system data, ACLs cause more
security problems than they help.  Auditing a Linux system is much easier
than an NT box, because you don't have ACLs to worry with.

If you have trouble installing something in WinLand, what do you do?  You
go off messing w/ ACLs.  Then, when you finally get it fixed, how do you
go back closing off the holes you've opened?  There's no way to get a
quick list of who accesses what.  With UNIX-based systems you have user,
group, and owner, with relevant permissions.  It is easy to find such
things when they are out-of-whack, easy to correct, etc.

What's SUID on my machine?

find / -perm /4000

Who can do what with each file in this directory?

ls -l

With Windows, you have to inspect each file individually to find who has
the proper ACLs.

Now, with _user_ data, ACLs are nice.  What's really great is that, in
Linux, you can use different filesystems, and use one that is ACL-capable
for your user directories and one that is not for your system directories.

Jon

On Wed, 25 Jun 2003, Kent Borg wrote:

> On Wed, Jun 25, 2003 at 09:31:08AM -0700, Chris W. Parker wrote:
>
> > Please list for me reasons why you believe (or know for a fact) that
> > Linux is more secure than our current setup. Let's assume two
> > different situations: 1. Out of the box with a standard install,
>
> I don't know that it is.  You must stay up to date or stay off the
> internet.  Things might cool down in a few years (I think security
> holes are being fixed faster than they are being made).
>
> > 2. Standard install, fully patched.
>
> 1. Open code.  What's public is more likely to be examined, and
>    security holes publicized and fixed.  Open source people seem to
>    care about security.  MS mostly just talks about security, and only
>    recently at that.  There are lots of examples of companies told
>    about security problems, ignoring (or even threatening) the
>    messenger, until that is, the problem is publicized.
>
> 2. Open code.  Source code that might be looked at by other programmers
>    (particularly the kernel itself) will be higher quality in the
>    first place (can you say embarrassment?) than will
>    compile-sell-and-forget proprietary code.
>
> 3. There is no marketing department in most open source projects to
>    drive mis-features for features' sake, mis-features that compromise
>    security.  When marketing does promote security it is frequently
>    snake-oil solutions when most security holes are simply bugs, and
>    marketing never really cares about bugs--just the biggest bugs.
>
> 4. More information and control available to you in how you configure
>    things.
>
> 5. To have decent security you have to learn a little something about
>    security yourself.  If you do Linux you know you have to learn
>    something.  If you do MS you might think there is a "Do what you
>    are supposed to and Bill will take care of you."-solution.  There
>    isn't, but the fact that MS fights your taking responsibility
>    leaves you little choice.
>
>
> -kb, the Kent who thinks firewalls are inappropriately popular because
> MS gives users so little alternative.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list
>
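
Added example, not part of the original message: a small shell audit in the spirit of the find and ls -l checks described at the top of this message, reporting setuid, setgid and world-writable entries with their owner, group and mode. The names audit_perms and make_sample are hypothetical helpers, and the sample tree is constructed.

```shell
#!/bin/sh
# audit_perms DIR: print one "ls -ld" line per entry under DIR whose
# permission bits deserve review, prefixed with the reason.
audit_perms() {
    dir=${1:-/}
    # -xdev keeps find on one filesystem.
    # -perm -MODE matches entries that have all of the given bits set.

    # setuid files execute with the privileges of the file's owner.
    find "$dir" -xdev -type f -perm -4000 -exec ls -ld {} + 2>/dev/null |
        sed 's/^/setuid  /'

    # setgid files execute with the privileges of the file's group.
    find "$dir" -xdev -type f -perm -2000 -exec ls -ld {} + 2>/dev/null |
        sed 's/^/setgid  /'

    # World-writable files, and world-writable directories that lack the
    # sticky bit (so any user may delete other users' files in them).
    find "$dir" -xdev \( -type f -o -type d \) -perm -0002 ! -perm -1000 \
        -exec ls -ld {} + 2>/dev/null |
        sed 's/^/world-w /'
}

# make_sample: build a constructed test tree and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/notes" "$d/plain"
    chmod 4755 "$d/helper"   # setuid, should be reported
    chmod 0666 "$d/notes"    # world-writable, should be reported
    chmod 0644 "$d/plain"    # ordinary file, should not be reported
    printf '%s\n' "$d"
}

# Typical use (as root, so unreadable directories are not skipped):
#   audit_perms / > perms-baseline.txt
# Re-run later and diff against the baseline to spot changes.
```

Saving the output after a clean install and diffing it after each software installation shows exactly which permissions were loosened along the way.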

