Scot L. Harris wrote:
On Fri, 2005-12-02 at 00:17, Mike McCarty wrote:
John Summerfied wrote:
Mike McCarty wrote:
[snip]
The windows model is, to my mind better; where it falls down is the
implementation.
The Windows NT (and hence XP) model is superior, yes.
Is it? Best practice is to use the least privilege possible to get the
job done. By creating users that login with super user privileges you
break that best practice. You still need a user that can admin the
box. But individual users under linux or any unix like OS can be
granted all or some of roots capabilities via sudo or similar
utilities. Users should not be encouraged to login directly as root to
prevent several of the problems you listed above. By logging in as a
normal user and then using su or sudo an audit trail is left so things
can be tracked down if needed and traced to a particular users account.
Logging in directly as root leaves it open as to which user did
something on the system.
Nothing you said disagrees with what I wrote.
Windows suffers because by default most users have admin or super user
capabilities. This in turn becomes the conduit that so many of the
viruses use to gain complete control of the system.
Eh? Not on any machine I administer, they don't.
If they used the least privilege rule viruses would not be as easy to
spread since they would not run with super user like privileges in most
cases.
Both systems can be run securely by using best practices. Unfortunately
most windows systems by default do not use such practices. And many new
linux users use root as their day to day login instead of setting up a
normal user. In the long run that will come back to bite them.
ANY security system can be abused.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!