Re: Strange Kernel for Centos 5.5




> RHEL and CentOS have much, much tighter basic privilege handling. The
> complexity of the NTFS ACL structure, for example, is so frequently
> mishandled that it's often ignored and simply dealt with as
> "Administrator". The result is privilege escalation chaos.

And how is the user-group-world permissions system any better?

I work daily with both *nix & NTFS ACLs and given the choice I prefer
NTFS' for the finer-grained control.

You want to create a folder that users A & B have access to but
nobody else? In *nix you create a group that both those users belong
to and set the folder to use that group's permissions. In NTFS you set
the ACLs so those two users have (almost) full access to the folder.
Simple enough.

Now say you need to create another folder which only users B & C have
access to? In *nix you create another group, one that B & C belong to,
and assign that group permissions to that folder. NTFS? Set the ACLs
so that only B & C have access.

Now let's say we want User A to have read only access to that second
folder? They're not the owner, and don't belong to the group, so world
permissions are your only choice. What if this folder is a
confidential folder containing files the CEO & VP should be able to
alter but the Admin Assistant needs to be able to pick files from? You
really don't want a lowly peon down in shipping seeing the
confidential memo now, do you?

In NTFS you just add user A to the folder with read only permissions.

Now expand this out to hundreds of folders and watch the *nix groups
multiply like rabbits.

Admittedly a few areas of NTFS ACLs cause some confusion, inheritance
and precedence rules among them, but if you take the time to read how
they work and play with it before putting it into production it's
actually quite easy to work with.

RTFM? :-)

-- 
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie
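
The two-folder scenario from the message above, as an added PowerShell example (not part of the original post). The account names userA, userB and userC, the path D:\Shares, the use of Modify for "(almost) full access", and keeping Administrators and SYSTEM on the ACL are all assumptions. It also covers the inheritance point the post mentions: without breaking inheritance, ACEs from the parent folder would still let other users in.

```powershell
# Added example. Assumed names: local accounts userA/userB/userC, root D:\Shares.
$root = 'D:\Shares'

# Folder -> account -> icacls simple right (M = modify, R = read-only).
$wanted = @{
    'Folder1' = @{ userA = 'M'; userB = 'M' }
    'Folder2' = @{ userB = 'M'; userC = 'M'; userA = 'R' }
}

foreach ($name in $wanted.Keys) {
    $path = Join-Path $root $name
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # Remove every inherited ACE so parent-folder grants (for example the
    # built-in Users group) no longer apply. The folder owner can still
    # edit the DACL, so the grants below succeed.
    icacls $path /inheritance:r | Out-Null

    # Assumption: Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) keep
    # full control for backup and maintenance. SIDs avoid localized names.
    icacls $path /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

    # One explicit ACE per user; (OI)(CI) makes files and subfolders inherit it.
    foreach ($user in $wanted[$name].Keys) {
        $right = $wanted[$name][$user]
        icacls $path /grant:r "${user}:(OI)(CI)$right" | Out-Null
    }

    # Check the result: the DACL must be protected from inheritance and
    # contain no inherited entries, otherwise "nobody else" does not hold.
    $acl = Get-Acl -Path $path
    if (-not $acl.AreAccessRulesProtected -or ($acl.Access | Where-Object IsInherited)) {
        Write-Warning "$path still carries inherited ACEs"
    }
    $acl.Access | Format-Table IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
}
```

Any identity in the printed table other than the listed users, Administrators and SYSTEM is access that was not intended.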