users, "private" groups, and The Unix Way (was, Re: Is it me or is it sudo?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Mar 31, 2012 at 7:04 PM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> On Fri, 2012-03-30 at 20:39 +0100, James Wilkinson wrote:
>> From there, it follows that the easiest way to do this is to make 002
>> the default umask, which means that all new files and directories
>> created by normal users have these permissions. That means that if you
>> want files that only their owner can write to, you need a per-user
>> group.
>
> It always struck me that personal files ought to have no group or world
> permissions set by default.  If you wanted your files to have those
> extra permission set, then it ought to be done as a deliberate choice.

Maybe "user-id" is mis-named. There are sure a lot of people who tend
to see "user-id" and expect the one-to-one correspondence. I know the
conflation caused me some frustration back in college, and I'm not
sure I got it properly worked out until I put together a few openbsd
systems.

Anyway, it should be clear that a system administrator should not be
logged in as a system administrator when he or she is just writing an
e-mail scheduling meetings or something. But even ordinary (human)
users should not be surfing the web as the user they logged in as, and
I'm not talking about keeping my boss from checking my cache for
visits to slashdot or whatever.

As the system administrator for my home box, I want to be able to log
in as a normal user that is not tainted by my the web sites I visited
last time I logged in. That means I have a separate administrator
user.

I want one user-id/group-id pair for each bank I have to visit, so
that, even if we can't get the banks to use special-purpose browsers
for the money transactions, I can protect the bank data from the guys
that want to mine my data for their gain, including the other banks.
(Special purpose browsers are preferred, of course.)

And when I need to go surfing through blogs for news, I don't want to
do that with the user I logged in as. Even if/when we can get rid of
the sloppy programming practices Microsoft and their ilk promote, we
can't be sure we have every hole plugged, so it's just going to be
safer to do that as a user that isn't allowed to log in. That means
that, even though I log out of my "worker" user and log back in as my
"play" user, I still want to spawn a nologin user from there to surf.

(This is not pure paranoia. I checked out a company for a job and
discovered that Google had flagged their site as containing malware,
and the guy who ran the company did not have the financial means or
motivation to hire someone to clean the server up. Scared of having to
move off the vulnerable tools he was using, trying to meet a market
window that was fast disappearing, all the excuses.)

Incidentally, I'm doing this much now, using xhost local and sudo. (If
you're curious,

http://reiisi.blogspot.jp/2011/08/simple-sandbox-for-firefox.html

is my blog from when I first got it running. I need to re-write that
explanation, which is part of the reason I'm writing this long-winded
post now. But I still have issues with the input method that I need to
solve. And I need to write some scripts so I don't have to all the
tweaks by hand every time.)

And I glue it together with per-user groups. Without per-user groups,
I would have to go through serious admin-level contortions to grab a
download. Does that make sense?

--
Joel Rees
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux