Jim Crumley wrote:

>On Wed, Oct 20, 2004 at 12:38:42AM -0500, Jeff Nelson wrote:
>
>>First, VMS is secure because security was designed into the operating
>>system, not added as an afterthought. For example, the 4-layer ring
>>design, where the core ring is the most trusted (kernel mode) and the
>>outer ring least trusted (user mode). Another example: the
>>specialization of privileges and access control lists. There's just one
>>privilege (root) with Linux, though access control lists are starting to
>>appear.
>
>What are advantages of ACLs? How do they benefit a medium-sized
>network? I understand that they are more flexible than the
>traditional Unix groups approach, but they are also more complex
>to deal with. I have not seen any good case studies or
>documentation that explains what problems ACLs solve better than
>groups. Well-designed Linux distributions have few processes
>running as root. I realize that there are situations where the
>extra power of ACLs would come in handy, but most networks don't
>even make full use of the power of groups. Why should we expect
>them to use ACLs effectively?

My personal opinion is that it isn't possible to properly secure a production system without the ability to absolutely deny access of a system resource to specific individuals and classes of users. ACLs let you do that fairly easily. They also let you make ad hoc access available to specific resources without having to construct narrowly defined groups, i.e. the files in /home/dev are available to all members of dev, but I want to make buglist.txt available to management without constructing a dev+management group to access that particular file. With ACLs I can pick a file, or directory, or resource (say a CD writer) and make it available to a particular individual or group and deny it to everyone else. And if you belong to a group that has been denied access, you are denied access to the resource regardless of whatever other privileges you may have via memberships in other groups.

Most commercial OSs support some form of ACL even if it may be optional; for example, AIX supports the normal unix wgu-rwx file controls but also allows you to apply additional controls using their ACL system.

Most good admins with access to the ACLs make pretty good use of it. In our Windows system we have different groups for different studies and functions within the study. Those groups are given access to different areas on the server and people are added to the appropriate groups as required. Then 'Everyone' is denied access to the entire file system. Even with admin privileges I can't see large parts of the data unless I want to take ownership of the files and add myself to the ACL. It gets used because it is easier.

>Anyway, if anyone has any links to some good information on
>ACLs, I would appreciate seeing them. I keep hearing about them,
>but I cannot understand the fascination.

The SUSE folks have a couple and I would expect that the NSA SELinux has some detailed docs floating around.

--rick

http://www.nsa.gov/selinux/index.cfm
http://www.suse.de/~agruen/acl/linux-acls/linux-acls-final.pdf
http://www.suse.de/~agruen/acl/chapter/fs_acl-en.pdf
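
The buglist.txt scenario from the reply above, as an added example that is not part of the original message: a small access evaluator in which a matching deny entry overrides any allow gained through other group memberships. The user names, the `contractors` and `sales` groups and the entry format are constructed for illustration, and the evaluation rule is a simplified model of what the message describes, not the algorithm of any particular operating system.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    kind: str         # "user" or "group"
    name: str         # principal the entry applies to
    effect: str       # "allow" or "deny"
    perms: frozenset  # subset of {"r", "w", "x"}


def entry(kind, name, effect, perms):
    return Entry(kind, name, effect, frozenset(perms))


def matches(e, user, groups):
    """True if the entry names this user or one of the user's groups."""
    return (e.kind == "user" and e.name == user) or (
        e.kind == "group" and e.name in groups
    )


def check_access(acl, user, groups, wanted):
    """Deny wins over allow; no matching entry at all means no access."""
    hits = [e for e in acl if matches(e, user, groups) and wanted in e.perms]
    if any(e.effect == "deny" for e in hits):
        return False
    return any(e.effect == "allow" for e in hits)


# Constructed sample data (hypothetical users and group memberships).
MEMBERSHIPS = {
    "alice": {"dev"},
    "bob": {"management"},
    "carol": {"dev", "contractors"},
    "dave": {"sales"},
}

# /home/dev: available to every member of dev, nobody else.
DEV_DIR_ACL = [entry("group", "dev", "allow", "rwx")]

# buglist.txt: dev keeps read/write, management gets read-only without a
# combined dev+management group, and contractors are denied outright.
BUGLIST_ACL = [
    entry("group", "dev", "allow", "rw"),
    entry("group", "management", "allow", "r"),
    entry("group", "contractors", "deny", "rw"),
]


def report(acl, wanted):
    """Map each sample user to whether they get permission `wanted`."""
    return {u: check_access(acl, u, g, wanted) for u, g in MEMBERSHIPS.items()}


if __name__ == "__main__":
    print("dev dir  r:", report(DEV_DIR_ACL, "r"))
    print("buglist  r:", report(BUGLIST_ACL, "r"))
    print("buglist  w:", report(BUGLIST_ACL, "w"))
```

carol is in dev, so she can read the directory, but her contractors membership blocks buglist.txt even though dev is allowed; bob reads the one file without belonging to dev.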