Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!mcsun!ukc!dcl-cs!aber-cs!athene!pcg From: pcg@aber.ac.uk (Piercarlo Grandi) Newsgroups: comp.admin.policy Subject: Re: Student suspended for distributing /etc/passwd Message-ID: Date: 19 Jun 91 19:22:57 GMT References: <1911@vtserf.cc.vt.edu> Sender: aro@aber-cs.UUCP Organization: Coleg Prifysgol Cymru Lines: 54 In-reply-to: marchany@vtserf.cc.vt.edu's message of 17 Jun 91 14:03:41 GMT On 17 Jun 91 14:03:41 GMT, marchany@vtserf.cc.vt.edu (Randy Marchany) said: marchany> I would think that while it is true that /etc/passwd is world marchany> readable, there really isn't any reason why someone should marchany> pass copies of it around. If there was a legitimate reason, This is entirely backwards. Users are not there at the sufferance of the syadmin. They don't have to prove they are innocent before copying a file: marchany> certainly a note to the sysadmin telling him why it was being marchany> copied would clear the air, eh? :-) This is just a bit fascistic. But it can lead on to all sorts of nastiness. It's not the user that has to find a legitimate reason; it's the sysadmin that must find a good reason to forbid it. Or do you believe that the Government knows best? marchany> Once again, sites need to DEFINE their policy and EDUCATE marchany> their user community and if the users AGREE to abide by that marchany> policy, we have no right to denigrate a particular site's marchany> handling of a policy violation. I was denigrating people who characterized copying /etc/passwd as a security violation in itself. If the file is readable, and there is no explicit rule that prohibits copying it, it can be copied, unless the purpose of the copying is to aid trespass, if *proven*, after the fact, not before. There are places where only registered locksmiths can legally own lock breaking equipment, and it is a crime for anybody else to carry them, without any need to prove any criminal intent. These places may not be pleasant to live in. marchany> Sysadmins need to formulate a DRAFT policy and obtain the marchany> support of their administration (pres., vice-pres., dean, marchany> etc.) to enforce it. This is OK, as long as the policy is not the default of "everything is forbidden, just in case, and while in general we don't give a damn, whenever we want we can nail you for one thing or another". This is a very nasty habit of many governments and organizations, especially Universities. It is used to lop the head off troublemakers... If everybody is made into a criminal, those who decide whom to prosecute can put anybody they choose behind bars. In a University it may well happen that the students that break windows to celebrate graduation get away with it, while those that stand on a patch of grass while they protest some administration policy get suspended for damaging University property. -- Piercarlo Grandi | ARPA: pcg%uk.ac.aber@nsfnet-relay.ac.uk Dept of CS, UCW Aberystwyth | UUCP: ...!mcsun!ukc!aber-cs!pcg Penglais, Aberystwyth SY23 3BZ, UK | INET: pcg@aber.ac.uk