Xref: utzoo comp.unix.internals:2508 comp.unix.admin:1544
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!math.fu-berlin.de!fauern!unido!mikros!mwtech!martin
From: martin@mwtech.UUCP (Martin Weitzel)
Newsgroups: comp.unix.internals,comp.unix.admin
Subject: Re: Unix security additions
Message-ID: <1090@mwtech.UUCP>
Date: 8 Apr 91 09:48:22 GMT
References: <39950@cup.portal.com> <1991Mar14.230944.9184@eci386.uucp> <1991Mar22.024124.3238@ec
Reply-To: martin@mwtech.UUCP (Martin Weitzel)
Organization: MIKROS Systemware, Darmstadt/W-Germany
Lines: 39

In article <1991Mar22.024124.3238@eci386.uucp> woods@eci386.UUCP (Greg A. Woods) writes:
[In answer to article pcg@test.aber.ac.uk (Piercarlo Antonio Grandi)]
...
>Yes, higher levels of security do require some of the features you
>mentioned (such as removing the concept of a "superuser").
...

Well, I know this complaint that UNIX isn't secure because there is one
person who can read the files of all others ... but what if there were no
such privilege?

- How should checks of the filesystem integrity, backups and restores be
  done if not some few programs could access the raw information of the
  disk?
- How should new system software be installed?

If there exists a privileged account for the above mentioned activities
(and name the OS on which there is no such account), then the door is open
for installing any program you wish which does anything you wish with the
data on the disk!

Furthermore: If there is a person who can do backups on physically
removable media, even if this person has not the privilege to read all the
users' data, how do you control what he or she does with the backups
*after* removing the media?

I especially *like* the design of UNIX for making it so clear to everyone
that the things left on the computer's disk are by no means more secure
than the things you leave in your office (to which your boss has a key - at
least for a case of emergency).

Again, name the OS on which the things I described here are not possible.
I'm not interested in hearing that they are purely more difficult, e.g.
because there is no "superuser account" and special rights like accessing
the raw disk are only granted to some few programs. You can have this on
UNIX too by simply creating some few new logins with UID 0 but the
mentioned special programs (backup/restore, filesystem check, etc.) as
"login shell". The "real" superuser account must only be known for
extremely few activities, like installing new software and configuring the
kernel.
--
Martin Weitzel, email: martin@mwtech.UUCP, voice: 49-(0)6151-6 56 83
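The arrangement Martin describes in his last paragraph, several UID 0 logins whose "login shell" is a single maintenance program rather than a general shell, is something an administrator can audit from the password file: every UID 0 entry should either be the one real superuser login or have a dedicated program as its shell. The script below is an added example, not part of the original post; it constructs a small passwd-format sample inline (all account names, programs and paths in it are made up) and labels each UID 0 entry as a FULL superuser login or a RESTRICTED one.

```shell
#!/bin/sh
# Added example (not from the original post): audit UID 0 accounts in a
# passwd-format file and separate "real" superuser logins (general
# interactive shell) from restricted ones whose login shell is a single
# maintenance program such as a backup or filesystem-check wrapper.

# Constructed sample in /etc/passwd format; names, programs and paths
# are made up for this example.
SAMPLE_PASSWD='root:x:0:0:Super user:/:/bin/sh
backup:x:0:0:Restricted backup login:/:/usr/local/sbin/dobackup
fscheck:x:0:0:Restricted fsck login:/:/usr/local/sbin/dofsck
oper:x:0:0:Operator with a full shell:/:/bin/ksh
martin:x:201:20:Martin:/usr/martin:/bin/sh'

# Print "name:shell" for every entry with UID 0 in the passwd-format
# file given as argument 1.
list_uid0() {
    awk -F: '$3 == 0 { print $1 ":" $7 }' "$1"
}

# Return 0 (true) if the shell path is a general-purpose interactive
# shell, i.e. the account is a full superuser login.
is_interactive_shell() {
    case "$(basename "$1")" in
        sh|ksh|csh|bash) return 0 ;;
        *) return 1 ;;
    esac
}

# Count the UID 0 entries that give a full interactive superuser shell.
count_full_root_logins() {
    n=0
    for entry in $(list_uid0 "$1"); do
        shell=${entry#*:}
        if is_interactive_shell "$shell"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Report one line per UID 0 account, labelled FULL or RESTRICTED.
report_uid0() {
    for entry in $(list_uid0 "$1"); do
        name=${entry%%:*}
        shell=${entry#*:}
        if is_interactive_shell "$shell"; then
            printf 'FULL       %-10s %s\n' "$name" "$shell"
        else
            printf 'RESTRICTED %-10s %s\n' "$name" "$shell"
        fi
    done
}

# Run on a passwd-format file named on the command line, or on the
# constructed sample when no argument is given.
if [ $# -eq 0 ]; then
    PASSWD_FILE=/tmp/sample_passwd.$$
    printf '%s\n' "$SAMPLE_PASSWD" > "$PASSWD_FILE"
    report_uid0 "$PASSWD_FILE"
    rm -f "$PASSWD_FILE"
else
    report_uid0 "$1"
fi
```

On the sample this reports root and oper as FULL and backup and fscheck as RESTRICTED; on a real system, any FULL line beyond the one expected root login is exactly the extra shared superuser access Martin's scheme is meant to avoid. The list of shell names treated as interactive is an assumption for the example and should be adjusted to the shells installed on the machine being audited.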