RE: Per-modules readers/writers ?

From: Greg A. Woods
Subject: RE: Per-modules readers/writers ?
Date: Mon, 28 Oct 2002 14:44:08 -0500 (EST)

[ On Monday, October 28, 2002 at 09:14:41 (-0800), Shankar Unni wrote: ]
> Subject: RE: Per-modules readers/writers ?
> The other (counter-) factor is that in large environments, users are
> often managed through YP or LDAP (and generally from the IT point of
> view lumped into a few giant groups like "engr" and "users").

It doesn't really matter where the account data is managed and supplied
from.  There are literally hundreds of ways to integrate centrally
managed account information with unix and unix-like systems.  The point
is that the Unix system security model mandates that every unique human
user (as well as unique system identities) have a unique system account.
You cannot even get basic unix security without using its concept of

> These environments are not necessarily paranoid enough to need C2-level
> security (which is another nightmare to administer), but often do need
> to implement a coarse level of read/write control over modules for
> users.

C2-level security is just an example to show how much you really have to
do to achieve any useful amount of accountability.

Even basic unix security requires proper use of individual system accounts.

                                                                Greg A. Woods

+1 416 218-0098;            <address@hidden>;           <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>
