Re: Weird situation

On Sat, 16 Dec 2006, in the Usenet newsgroup comp.os.linux.security, in article
<m4Mgh.3941$yC5.530@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Barton L. Phillips wrote:

I have seen a lot of enterprise Windows shops and almost all of them
have a VERY restricted user policy. No casual user has "Administrator"
(root) privilege. These shops are just a locked down as any Unix shop
and in some cases more locked down as they also use policies to restrict
use of applications and ACL (access control lists) to restrict
privileges

Novell Netware had an excellent access control system in the 1990s.

These enterprise shops have a full time staff of IT people that have
been trained and get good pay. End users do NOT under any circumstance
get to install anything. It can be pretty draconian but it works just
like the Sun shops I worked in.

Agreed. Compare the knowledge that was needed to get a Novell CNE (or
for that matter, the plain old CNA) verses the various microsoft
certifications.

Most people just don't have the understanding or patience for this at
home.

Bingo. And this carries over into smaller businesses that don't feel
they have the needs to justify the well trained and expensive staff.
In the early 1980s, computers were extremely expensive (my first IBM
PC-XT priced out at over US$4000, and the PC-AT was nearly US$6000).
This was not a home system. Then came the clones, and by 1995 it seemed
that everyone had a computer at home. Now, I'm sure this is the case.
This means that everyone is "familiar" with the PC, and invariably
assumes that what works at home is just peachy at work. It is _so_
much fun to bang on a neighbor's cage (he admins windoze in an
insurance agency with about 150 users) and hear him foaming about the
latest helpful hint he received from the president (whose 12 year old
son is an expert obviously).

Windows biggest problem, in my opinion, has been there is no equivalent
to su or sudo. Windows does have a "Run As" mechanism but it is disabled
by default and it is just too hard to make work, if fact it is just plane
broken.

Some of this is "the target audience". Windoze wants to be the very
easy system to use - so easy that _everyone_ uses it at home. The problem
with this is that they are stuck in the single user mind set from MS-DOS.

Linux distributions like Ubuntu make it pretty easy for a person to
keep from living as root. The sudo mechanism works pretty well, though
it is a problem if a person is too uninitiated. It is also not a good
distribution, in my opinion, for an enterprise shop as it is too easy to
be root and destroy everything.

The "popular" distributions do have this advantage. The risk of destroying
everything can be properly configuring 'sudo' and restricting the use of
'su' to those with the extra skills needed. On the other paw, these same
distributions depend on "helper" programs, often GUI, to handle the
complicated stuff. The problem is that the helper programs are hiding
what they are doing, and when the helper becomes broken on otherwise
unavailable, the under-trained administrator is screwed. How many (for
example) are even aware of the difference between 'su' and 'su -' (or
'su -l'), and where this may be the only quick way to salvage some
screwup involving root's environment?

I hope I don't get flamed for this. As I said it is just my opinion and
I could be wrong.

I'm certainly not going to disagree with you.

Old guy
.

Relevant Pages

  • Re: Weird situation
    ... restrict privileges (something which Linux has only recently started ... These enterprise shops have a full time staff of IT ... Windows biggest problem, in my opinion, has been there is no ... pretty easy for a person to keep from living as root. ...
    (comp.os.linux.security)
  • Re: Weird situation
    ... restrict privileges (something which Linux has only recently started ... These enterprise shops have a full time staff of IT ... Windows biggest problem, in my opinion, has been there is no ... pretty easy for a person to keep from living as root. ...
    (comp.os.linux.security)