On Sat, Sep 13, 2003 at 09:41:22AM -0400, Anthony E. Greene wrote:
> On 11-Sep-2003/15:54 -0500, Dave Ihnat <[EMAIL PROTECTED]> wrote:
> >On Thu, Sep 11, 2003 at 01:58:59PM -0500, B McAndrews wrote:
> >> Could someone straighten me out here. When did Unix based system become
> >> the bastion of security?
> >
> >Ever since the standard it is compared to is Microsoft...
> >
> >> In a former lifetime, I used to work on VAX/VMS for classified (as
> >> in military) work. I can't remember the issues, but when we started
> >> moving off the VAX/VMS over to Unix workstations, the IT security
> >> folks were not at all comfortable with the security of Unix compared
> >> to the VAX/VMS. Does anyone have any insights as to why that might be?
> >
> >Sure; there are a lot of them. One of the most telling is the fact
> >that permissions on Unix/Linux are binary--you're root, or you're not.
> >There's no provision in standard Unix/Linux for graduated levels of
> >authority, or for cooperative privileges (e.g., it takes both the Security
> >Officer and Administrator, each providing a separate authentication,
> >to gain certain security levels; no one person can do so.)
>
> You obviously know this, but I think it's necessary to mention that there
> is at least one ACL system for Linux.

ACLs in Linux aren't great - they're not utilized in every tool equally like they are in VMS. ACLs also aren't the only answer to permissions. You can set up a VMS account that requires two passwords before you're let in - one person usually doesn't have both passwords - you could probably implement this in PAM somehow, but it's not standard out of the box like it is in VMS (and has been for 20 years).

Each OS has its strengths, and when it comes to access controls, VMS wins hands down. That said, I manage more Linux systems than I do VMS systems and I run Linux at home, not VMS.

.../Ed

p.s. I still have the Raxco poster in my office with the title "How to tell if you're a VMS bigot".

--
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
Member #1, Red Hat Community Ambassador Program