[GLLUG] Is there a Windows equivalent to /etc/fstab?
Matt Graham
danceswithcrows at usa.net
Thu Oct 12 17:31:16 EDT 2006
On Thursday 12 October 2006 16:31, after a long battle with technology,
Nathan Hartley wrote:
[massive snippage]
> registry key, folder, file, share, device, whatever maintains its
> own list of users or groups and their permissions. These permissions
> are specific to each thing (13 different permissions just for a
> file).
Sounds really complicated, but what the heck.
> Correct me if I'm wrong, with Linux everything is a file with folder
> and executable bits, one owner id, one group id and read, write and
> execute permissions based on owner, group, and world (everyone else).
You've forgotten about ACLs, which can be used on at least ext[23],
ReiserFS, and XFS. Probably JFS too. ACLs are an add-on that allows
you to create groups of users and assign additional permissions based
on those groups to files and dirs. ACLs are *not* usually enabled by
default, though. Back when I was still using Solaris every day, I used
ACLs frequently to do stuff--but that was 6.5 years ago. I haven't
needed ACLs here, so I haven't fiddled with them at all under Linux.
They do work, though, and I think there's even a HOWTO somewhere.
> And then there is root, who supersedes all permissions.
Not quite. UID 0 still can't execute files that don't have the x bit
set, and UID 0 can't change files that have the immutable attribute.
> I would love to hear someone else's views as to whether Linux strikes
> the right balance between ease of use and security.
I think what might help Linux out is some sort of runtime-tunable
parameter like /proc/sys/is_single_user_workstation. Set that to "1",
and /bin/mount relaxes some of its checks so ordinary users can do
things like mount things on loopback and mount arbitrary network
filesystems on a subset of /mnt with some non-changeable options
(noexec, nodev, nosuid). Yeah, you can "sudo mount -t
cifs //borg/crud /mnt/borg -o blah", but it's annoying when there are
a bunch of SMB shares to investigate. Could be used for cardctl as
well, maybe.
I'm sure the professional paranoids would have a fit about this option
even if it were 0 by default, though. I have not given this very much
coherent thought, so it probably is about as useful as a large gerbil.
--
We're standing there pounding a dead parrot on the counter, and the
management response is to frantically swap in new counters to see if
that fixes the problem. --Peter Gutmann, ASR 6/18/1998
There is no Darkness in Eternity/But only Light too dim for us to see
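
Added example, not part of the original post: an audit of fstab-style entries that checks whether user-mountable filesystems under /mnt end up with the noexec, nodev and nosuid options named above. The sample entries are constructed, and the implied-option rules for user, users, owner and group are taken from mount(8), not from this message.

```python
# Added example; the fstab entries below are constructed for illustration.
SAMPLE_FSTAB = """\
//borg/crud   /mnt/borg   cifs     user,noauto            0 0
/dev/sdb1     /mnt/usb    vfat     users,exec,noauto      0 0
/dev/cdrom    /mnt/cdrom  iso9660  owner,ro,noauto        0 0
/dev/sda1     /           ext3     defaults               0 1
/srv/img.iso  /mnt/loop   iso9660  loop,nosuid,user,suid  0 0
"""

REQUIRED = {"noexec", "nodev", "nosuid"}
# Per mount(8): these options imply restrictive flags unless a later option overrides them.
IMPLIES = {
    "user": REQUIRED, "users": REQUIRED,
    "owner": {"nosuid", "nodev"}, "group": {"nosuid", "nodev"},
}
CLEARS = {"exec": "noexec", "dev": "nodev", "suid": "nosuid"}

def effective_flags(options):
    """Walk the option list left to right; the last setting of each flag wins."""
    flags = set()  # nothing restricted until an option says so
    for opt in options.split(","):
        if opt in IMPLIES:
            flags |= IMPLIES[opt]
        elif opt in REQUIRED:
            flags.add(opt)
        elif opt in CLEARS:
            flags.discard(CLEARS[opt])
        elif opt == "defaults":  # defaults includes suid, dev and exec
            flags.clear()
    return flags

def audit(fstab_text, prefix="/mnt/"):
    """Return {mountpoint: missing flags} for user-mountable entries under prefix."""
    findings = {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mountpoint, options = fields[1], fields[3]
        user_mountable = IMPLIES.keys() & set(options.split(","))
        missing = REQUIRED - effective_flags(options)
        if mountpoint.startswith(prefix) and user_mountable and missing:
            findings[mountpoint] = sorted(missing)
    return findings

if __name__ == "__main__":
    for mountpoint, missing in audit(SAMPLE_FSTAB).items():
        print(f"{mountpoint}: missing {', '.join(missing)}")
```

Option order matters here: an entry such as "nosuid,user,suid" looks restricted at a glance but ends up mounted with suid allowed, which is why the check resolves the options left to right instead of searching for the strings.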