[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Per-modules readers/writers ?
From: |
Greg A. Woods |
Subject: |
RE: Per-modules readers/writers ? |
Date: |
Mon, 28 Oct 2002 14:44:08 -0500 (EST) |
[ On Monday, October 28, 2002 at 09:14:41 (-0800), Shankar Unni wrote: ]
> Subject: RE: Per-modules readers/writers ?
>
> The other (counter-) factor is that in large environments, users are
> often managed through YP or LDAP (and generally from the IT point of
> view lumped into a few giant groups like "engr" and "users").
It doesn't really matter where the account data is managed and supplied
from. There are litterally hundreds of ways to integrate centrally
managed account information with unix and unix-like systesm. The point
is that the Unix system security model mandates that every unique human
user (as well as unique system identities) have a unique system account.
You cannot even get basic unix security without using its concept of
accounts.
> These environments are not necessarily paranoid enough to need C2-level
> security (which is another nightmare to administer), but often do need
> to implement a coarse level of read/write control over modules for
> users.
C2-level security is just an example to show how much you really have to
do to achieve any useful amount of accountability.
Even basic unix security requires proper use of individual system accounts.
--
Greg A. Woods
+1 416 218-0098; <address@hidden>; <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>
- Per-modules readers/writers ?, David R. Chase, 2002/10/24
- Re: Per-modules readers/writers ?, Larry Jones, 2002/10/24
- Re: Per-modules readers/writers ?, Nick Patavalis, 2002/10/25
- Re: Per-modules readers/writers ?, Mike Ayers, 2002/10/25
- Re: Per-modules readers/writers ?, david, 2002/10/25
- Re: Per-modules readers/writers ?, David R. Chase, 2002/10/25
- Re: Per-modules readers/writers ?, david, 2002/10/25
- Re: Per-modules readers/writers ?, Greg A. Woods, 2002/10/25
- RE: Per-modules readers/writers ?, Shankar Unni, 2002/10/28
- RE: Per-modules readers/writers ?,
Greg A. Woods <=
- RE: Per-modules readers/writers ?, Shankar Unni, 2002/10/28
- RE: Per-modules readers/writers ?, Greg A. Woods, 2002/10/28
- RE: Per-modules readers/writers ?, Shankar Unni, 2002/10/28
- RE: Per-modules readers/writers ?, Greg A. Woods, 2002/10/28
- RE: Per-modules readers/writers ?, Shankar Unni, 2002/10/28
- RE: Per-modules readers/writers ?, Paul Sander, 2002/10/28
- RE: Per-modules readers/writers ?, Shabbir Poonawala, 2002/10/28
- RE: Per-modules readers/writers ?, Shankar Unni, 2002/10/28
- Administrivia -- RE: Per-modules readers/writers ?, R P Herrold, 2002/10/28
- RE: Administrivia -- RE: Per-modules readers/writers ?, Shabbir Poonawala, 2002/10/29