On Mon, Jun 07, 2004 at 11:43:12PM -0400, J. Erik Hemdal wrote: > Bear in mind, that the notion of one-at-a-time usage is foreign to > Linux. The tacit assumption is that multiple users are potentially > using the system all the time. Even if I am not logged on, I can use > cron to launch jobs for me. Since these jobs may want to control shared > resources, a security mechanism is needed to maintain the integrity of > the computer system. > > As a result, non-root users are frequently prevented from controlling > shared resources. This is a very important point IMHO. Linux and all other UNIX-like operating systems are first and foremost both multiprocess and multi- user operating systems. The offerings out of of Redmond (such as XP) are multiprocess but are not true multiuser capable (though NT and XP do both have some features in common with true multiuser OS). On an XP box, it is reasonably "safe" to assume that the console luser may have unfettered access to shared exclusive use devices such as modems and removeable media - if someone's logged in on the console, it's assumed that they're supposed to be there, and need not be restricted (at least by default). Not so with Linux, with it's extensive integrated remote access capabilities. That being said, recent generations of Linux-based systems do fairly well in this regard, though there is room for improvement. While it may be reasonable for one user to expect unfettered access to devices in a "workstation" installation, there are plenty of others who disagree, and the comprimise has been made with the overall security of the system in mind. The system can be configured to accomodate the former group, though it can certainly be argued that it ought to be easier to do so. Linux in general (and RH / Fedora in particular) is not the way it is because the architects desire to make it difficult for users. The design of any OS is a comprimise between function, ease-of-use, and security. MS has in the past opted to lean towards ease-of-use, though they seem to be re-evaluating that decision. Most if not all Linux distributions focus on security first, function and ease-of-use second. Brant
