cagsm <cumandgets0mem00f@gmail.com> wrote:
How is this linux or related unix world actually considered to be stable or paradigms and some truth cast in stone, if seemingly every day essentials and utmost basic stuff changes?

Nobody really thought really well about it. If you do a scan, you will find for instance that the "root" user owns like 99% of all files that are not user-owned (that are not part of a user's home directory). So you get a security model in which root is almost like the only ubiquitous presence. That means you need root to do basically anything that is not confined to a single user, which means you have to use it all the time, which means its value as a security mechanism diminishes greatly (just as it is on Windows by the way, but still, more so).

For fun, try this script:

    # For each account in /etc/passwd, count the regular files it owns on the root filesystem
    cut -d: -f1 /etc/passwd | while read -r f; do
        printf "%-15s %6d\n" "$f" "$(find / -xdev -type f -user "$f" | wc -l)"
    done

And you'll see how much the "other" users are used.

Also, it means or seems to be meaning, or at least the result of the system is that although there are "groups" they are hardly ever used by default. As such, for most files the group-write permissions are always turned off and I think you will find easily that for 99% of files in the base system the group read flag is either the same as the owner read flag, or removed (rarely). Most files are either 755/644 or 700/600 (if security is warranted) so you will see that in effect, the whole group feature is not even USED in the base Linux system.

The problem of course is that if you want to do anything in such a system that requires editing files, and those files belong to prepackaged programs, you now have to be root to edit it, even if it is just a user stylesheet for a wiki program.

So the base security model is really quite rotten, there is no differentiation or sense of layers or layerism that might make it possible to use intermediate or "less powerful" users to do more common tasks, the whole directory structure that was really designated for such things (/usr/local) is never even commonly used (except when you want to compile something yourself) and so the whole "local" thing to a Linux system is pretty much nonexistent unless you put it in yourself, which of course requires a lot of development and time and means you are basically constructing a new security model yourself.

So basically, yes, it is very primitive and for it to become something really useful or even slightly "adequate" from a common user point of view, it needs a lot of development time still ;-). Heh, Anton ? :P ;P. It is definitely not adequate for me, but I have much higher goals, or at least I used to have them.

So I will say the little fiddling between 4755 and 4750 (I don't even know what the 4 means) is really quite meaningless, it meant that previously it was not "world" readable and now it is. That's also just personal choice, if there is nothing to hide in that crontab file (which probably there isn't, but it depends (it depends it depends, of course it depends).) you might perhaps just as well show it to everyone and his sick jealous monkey squad. :D.

Regards...
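
An added example, not part of the original post: a Python counterpart to the one-liner above that, besides counting files per owner, measures the post's claims about group bits (group-write set, group read equal to owner read, the 755/644/700/600 modes) on one filesystem. The names `survey` and `owner_name` and the default path `/usr` are choices made for this example.

```python
import os
import pwd
import stat
import sys
from collections import Counter

COMMON_MODES = {0o755, 0o644, 0o700, 0o600}  # modes named in the post


def owner_name(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)  # uid without a passwd entry


def survey(root):
    """Count regular files under root (one filesystem) by owner and mode."""
    owners, stats = Counter(), Counter()
    dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Like find -xdev: do not descend into other filesystems.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == dev]
        for name in filenames:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # vanished or unreadable
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            perm = st.st_mode & 0o777
            owners[owner_name(st.st_uid)] += 1
            stats["files"] += 1
            stats["setuid"] += bool(st.st_mode & stat.S_ISUID)  # the 4 in 4755
            stats["group_write"] += bool(perm & stat.S_IWGRP)
            stats["group_read_same_as_owner"] += (
                bool(perm & stat.S_IRGRP) == bool(perm & stat.S_IRUSR))
            stats["common_mode"] += perm in COMMON_MODES
            # Group matters only where group bits differ from the "other" bits.
            stats["group_differs_from_other"] += ((perm >> 3) & 7) != (perm & 7)
    return owners, stats


if __name__ == "__main__":
    owners, stats = survey(sys.argv[1] if len(sys.argv) > 1 else "/usr")
    for user, n in owners.most_common():
        print(f"{user:<15} {n:>6}")
    for key, n in stats.items():
        print(f"{key:<26} {n:>6}")
```
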