[GLLUG] Is there a Windows equivalent to /etc/fstab?

Matt Graham danceswithcrows at usa.net
Thu Oct 12 17:31:16 EDT 2006


On Thursday 12 October 2006 16:31, after a long battle with technology, 
Nathan Hartley wrote:
[massive snippage]
> registry key, folder, file, share, device, whatever maintains its
> own list of users or groups and their permissions. These permissions
> are specific to each thing (13 different permissions just for a
> file).

Sounds really complicated, but what the heck.

> Correct me if I'm wrong, with Linux everything is a file with folder
> and executable bits, one owner id, one group id and read, write and
> execute permissions based on owner, group, and world (everyone else).

You've forgotten about ACLs, which can be used on at least ext[23], 
ReiserFS, and XFS.  Probably JFS too.  ACLs are an add-on that allows 
you to create groups of users and assign additional permissions based 
on those groups to files and dirs.  ACLs are *not* usually enabled by 
default, though.  Back when I was still using Solaris every day, I used 
ACLs frequently to do stuff--but that was 6.5 years ago.  I haven't 
needed ACLs here, so I haven't fiddled with them at all under Linux.  
They do work, though, and I think there's even a HOWTO somewhere.

> And then there is root, who supersedes all permissions.

Not quite.  UID 0 still can't execute files that don't have the x bit 
set, and UID 0 can't change files that have the immutable attribute.

> I would love to hear someone else's views as to whether Linux strikes 
> the right balance between ease of use and security.

I think what might help Linux out is some sort of runtime-tunable 
parameter like /proc/sys/is_single_user_workstation.  Set that to "1", 
and /bin/mount relaxes some of its checks so ordinary users can do 
things like mount things on loopback and mount arbitrary network 
filesystems on a subset of /mnt with some non-changeable options 
(noexec, nodev, nosuid).  Yeah, you can "sudo mount -t 
cifs //borg/crud /mnt/borg -o blah", but it's annoying when there are 
a bunch of SMB shares to investigate.  Could be used for cardctl as 
well, maybe.

I'm sure the professional paranoids would have a fit about this option 
even if it were 0 by default, though.  I have not given this very much 
coherent thought, so it probably is about as useful as a large gerbil.

-- 
   We're standing there pounding a dead parrot on the counter, and the
   management response is to frantically swap in new counters to see if
   that fixes the problem.           --Peter Gutmann, ASR 6/18/1998
There is no Darkness in Eternity/But only Light too dim for us to see
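
Added example, not part of the original post: a check that every mount under /mnt carries the noexec, nodev and nosuid options named in the message, run over constructed /proc/mounts-style lines. The function name audit_mnt_options and the sample entries are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
//borg/crud /mnt/borg cifs rw,nosuid,nodev,noexec,relatime 0 0
//borg/iso /mnt/iso cifs rw,nosuid,relatime 0 0
/dev/loop0 /mnt/loop iso9660 ro,nodev 0 0
/dev/sdb1 /mntx/data ext3 rw 0 0'

# Hypothetical helper: read mounts-format lines on stdin and print
# "<mountpoint> missing:<opt,opt>" for every mount at or below the
# given prefix (default /mnt) that lacks noexec, nodev or nosuid.
audit_mnt_options() {
    prefix=${1:-/mnt}
    awk -v prefix="$prefix" '
    BEGIN { n = split("noexec nodev nosuid", required, " ") }
    {
        mp = $2
        # Accept the prefix itself or a path below it, but not /mntx.
        if (mp != prefix && index(mp, prefix "/") != 1) next
        split("", have)                 # portable way to clear the array
        split($4, opts, ",")
        for (i in opts) have[opts[i]] = 1
        missing = ""
        for (i = 1; i <= n; i++)
            if (!(required[i] in have))
                missing = missing (missing == "" ? "" : ",") required[i]
        if (missing != "") print mp " missing:" missing
    }'
}

# Audit the constructed sample. On a live system:
#   audit_mnt_options /mnt < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mnt_options /mnt
```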

