Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!cornell!uw-beaver!ssc-vax!benoni
From: benoni@ssc-vax.UUCP (Charles L Ditzel)
Newsgroups: comp.sys.apollo
Subject: Re: some questions for the gurus.
Message-ID: <2205@ssc-vax.UUCP>
Date: 6 Sep 88 07:46:57 GMT
References: <8809051853.AA03917@mailgw.cc.umich.edu>
Organization: Boeing Aerospace Corp., Seattle WA
Lines: 42

In article <8809051853.AA03917@mailgw.cc.umich.edu>, rees@MAILGW.CC.UMICH.EDU (Jim Rees) says:

> (2) how do we prevent ordinary users to sigp other users' processes?
> This is "fixed" (assuming you consider current behavior to be broken)
> in sr10.

I consider SR9.7 and before to be broken for this very reason. After all, what good is root ownership over a process if it can be killed by an ordinary user???? There are more than a few people that I have talked to who regard this as downright weird!

> I'd like to take this opportunity to flame a bit on the issue of "security."
> I don't give my car keys to someone I don't trust. And I don't give a
> computer account to someone I don't trust. I wouldn't ask a workstation
>...etc

Whoa... it is a matter of trust... it's really a matter of experience and knowledge about what's going on... and a lot of users just want to get their work done and not become computer jocks...

Besides, if Apollo takes elaborate effort to protect its filesystem with ACLs and Unix permissions... why not take the time to protect critical root and user processes, AND why not take the time to deny "shut" to novices...

> A timesharing system is different. If you screw that up, you screw
> everyone. But workstations are supposed to put the power into individual
> people's hands. I think that's an important distinction. When you start
> treating your workstations as timesharing systems, you've taken power out of
> the hands of the people, and put it into the hands of the bureaucrats. I
> think that's bad. All of you users out there should be worried when people
> who run computer labs start asking how they can prevent users from shutting
> down the system. Let them know that's the wrong question to ask.

One of the chief problems with letting everyone shut down their systems is that if you have diskless machines that depend on server X... and the user at server X shuts it down... OR if you have user Y on a disked node but his account is on server X and the user on server X shuts it down... I think you get the picture... I think 'shut' should be a root/sysadmin command... or a command that can be given out to knowledgeable users.

Taking power out of the hands of bureaucrats and putting it into the masses is 'pretty' rhetoric... but I would hate a "production" network to depend on this philosophy... or even an academic setting...

---------------
Naturally my opinions are my own