On the other hand we have Linux, where cp and rm and mv makes
infallible tools for the security oriented systemadmin
Some have argued that rm used with wildcard or recursive flag can
be devastating if the luser "accidently" slips thrugh the command
history with his flappy finger after he changed directory. But in
Linux there is no such thing as accidents, and that´s the beauty
of it all
I have been running a serialcable network for over 7 months, only
interrupted by a power shortage. Could Windows do that? Hardly
so!
> Could Windows do that? Hardly so!
Actually, yes, it could.
Also, the comparison you make is apples and oranges, comparing CLI
commands to GUI equivalents.
What happens when a user, using Gnome on Ubuntu, say, slips with their
mouse in the same way you describe as when using Windows Explorer? huh?
well? huh? What happens, then, bub?
--
JDS
It's tough to argue with that post.
Most Linux users would have the presence of mind to NOT run as root
[UID=0] but as some UID>100.
Most Windows users must run as Administrator in order for apps to
install and work. Yes, 'tis possible, I used to experience the
pleasure of admining these non-Windows-admin environments, you learn
the registry's security and auditing (aka debug tool) real quick.
Running Windows as non-admin is definitely not the default method.
In every corporate LAN environment I've seen, there are always
SecPolicy exceptions to get users to be put into the Admin group on
their workstations. Linux doesn't need this, there are too many ways
to properly run as root even within a user's GUI, that you never need
to login directly as root. Never Ever.
After install, you can block root from logging in via the console, SSH,
or Telnet and still have an easily manageable system, that the end user
would have a hard time destroying, yet easy time elevating to root to
install new software.
http://support.microsoft.com/default.aspx?scid=kb;en-us;307091 for a
list of XP apps needing root, FYI.
-Gary
> When you in Windows Explorer tries to copy and move files, your
> fingers are prone to slip, and thus dropping files in wrong
> folders and therefore rendering the filestructure completly
> unuseable for Windows
>
> On the other hand we have Linux, where cp and rm and mv makes
> infallible tools for the security oriented systemadmin
And a finger slip is much more deadly. Well done.
What's he going on about?
He's doing a "kier" : in other words currying favour with the COLA gang
by pretending Linux is better at something that Windows. Pity he made
such a pigs ear of it. Either that or, and is likely re-reading the
rubbish he wrote, it's just someone pulling the legs of the COLA zealots
to try and get a "me too".
In windows I always drag with the right mouse button to get the same
result. It just gives you a second to check that you did it right
before finally committing to the move/copy.
Sure, it's an axtra mouse click, but I'd rather that than end up with
rogue files all over the place.
> JDS wrote:
>> On Thu, 30 Nov 2006 21:30:00 +0000, The Condor wrote:
>>
>>> Could Windows do that? Hardly so!
>>
>> Actually, yes, it could.
>>
>> Also, the comparison you make is apples and oranges, comparing CLI
>> commands to GUI equivalents.
>>
>> What happens when a user, using Gnome on Ubuntu, say, slips with their
>> mouse in the same way you describe as when using Windows Explorer? huh?
>> well? huh? What happens, then, bub?
>>
> Can't say about Gnome on Ubuntu, but in KDE on Mandriva, whenever you
> drag and drop files, you get a menu asking if you want to copy or move.
> that menu has a cancel option that has saved my butt a couple of times.
>
I think the orriginal poster meant, but he didn't say very well so its sort
of a wild guess, that you can't accidentally do major damage because you
can't move what you don't have rights to.
Simmilarly with rm you can't remove what you don't have rights to.
"Wayne McClaine" <gary.g...@gmail.com> wrote in message
news:1164925210.3...@n67g2000cwd.googlegroups.com...
>
> JDS wrote:
>> On Thu, 30 Nov 2006 21:30:00 +0000, The Condor wrote:
>>
>> > Could Windows do that? Hardly so!
>>
>> Actually, yes, it could.
>>
>> Also, the comparison you make is apples and oranges, comparing CLI
>> commands to GUI equivalents.
>>
>> What happens when a user, using Gnome on Ubuntu, say, slips with their
>> mouse in the same way you describe as when using Windows Explorer? huh?
>> well? huh? What happens, then, bub?
>>
>> --
>> JDS
>
> Most Linux users would have the presence of mind to NOT run as root
> [UID=0] but as some UID>100.
>
> Most Windows users must run as Administrator in order for apps to
> install and work.
Most Linux users must run as Administrator in order for apps to
> Simmilarly with rm you can't remove what you don't have rights to.
>
But you can fsck up with files you do have rights to.
>> Most Windows users must run as Administrator in order for apps to
>> install and work.
>
> Most Linux users must run as Administrator in order for apps to
> install and work.
No. You can install a user-land app in your own ~/bin directory if you
want.
And no, the Linux user is /not/ running as root (or, as what you so
quaintly call it, "Administrator"). The Linux user is running only the
installer (or the console window) as root.
And the Linux user doesn't have to run these fun apps as
"administrator":
http://support.microsoft.com/default.aspx?scid=kb;en-us;307091
3D Frog Frenzy
3D GameStudio World Editor
ACDSee 3.0
Acid
Age Of Empires II - The Age of Kings
Age Of Empires II - The Conquerors
Age of Mythology
Axion 3D World Atlas
Axis and Allies
Backyard Baseball 2001
Baldur's Gate II
Barbie as Princess Bride
Baseball 2001
BodyWorks 6.0
Browning Duck Hunter
Caesar III
Calendar Creator 7.0
Championship Bass
Cleaner 5.02
Combat Flight Simulator
Combat Flight Simulator 3
Combat Flight Simulator WWII Europe Series
Command and Conquer Tiberian Sun
Command AntiVirus 5.9.1
Cook'n 2000
Copernic 2001 Basic 5.0
Create Resumes Quick and Easy 3.0
Custom Cookbook 1.0
Dark Majesty Links 2001
Dear Parents
Deer Hunter 3
Delta Force 2
Delta Force Land Warrior
Diablo II
Dirt Track Racing
Dirt Track Racing Sprint Cars
Driver
DropStuff 5.0
Earthlink 5.05 Limited User
EasyUninstall 2000
Falcon 4
Fix-It 2000
Flight Simulator 2004, A Century of Flight
Forgotten Realms Interactive Atlas
Freelancer
Greetings 2001
Gunman Chronicles
Hallmark Card Studio 2 Deluxe
Harley Davidson Race Across America
Harley Davidson Wheels of Freedom
High Heat 2002
Hitman
Home Design 3D 5.0
Home Publishing 2000
Homeworld
Hoyle Solitaire and Mahjong Tiles
Icewind Dale
Incredimail 2001
Internet Cleanup 1.04
IomegaWare
Jedi Knight Dark Forces ll
Jumpstart 1st Grade
JumpStart Toddlers Deluxe
Legal Forms and Guide 1.0
Links LS 2001
Little Mermaid II
M
Madden 2001
Mary-Kate and Ashley's Dance Party of the Century
MasterCook Suite 6.0
Matchbox Construction Zone
Math Blaster Ages 6 - 7
Math Blaster Ages 8 - 9
Mavis Beacon Teaches Typing 11
MechCommander 2
MechWarrior 4
MechWarrior 4: Black Knight
Mechwarrior 4: Mech Paks
MechWarrior 4: Mercenaries
Media Studio Pro 6.0.0.2
Mickey Mouse Preschool
Microsoft Flight Simulator 98
Microsoft Flight Simulator 2000
Microsoft Flight Simulator 2002 Professional
Microsoft Flight Simulator 2004 Century of Flight
Microsoft Train Simulator 1.x
Microsoft Money 2000
Microsoft Money 2001
Microsoft Money 2002
Microsoft Money 2003
Midtown Madness
Midtown Madness 2
Monster Truck Madness 2
Motocross Madness
Motocross Madness 2
MSN Messenger Service
Multimedia Law Library 1.0
My Disney Kitchen
NASCAR 4
NASCAR Heat
NBA Inside Drive 2000
NBA Live 2000
NeoTrace 3.01
NHL 2000
NHRA Drag Racing
No One Lives Forever
Norton AntiVirus 2001
Norton CrashGuard 4
Paint Shop Pro 7.0
Pandoras Box
PC Attorney
Pheasant Hunt Challenge
PhotoSuite 4.0
PictureIt! Publishing Platinum 2001
Plus Game Pack
Pokemon Project Studio Blue Version
Pokemon Project Studio Red Version
Pooh Kindergarten
Pooh Toddler
Print Master Gold 10
PrintShop Deluxe 11
Professional Resume Plus 1.0
Proventure Greeting Cards 1.0
Quicken 2001 Suite
Quicktime 5 Preview 3
Radio Control Racers
Railroad Tycoon II
Rainbow Six
Rainbow Six Covert Ops Essentials
Rainbow Six Rogue Spear
Rainy Day Adventures
Rapigator 2.15
Reader Rabbit 2nd Grade
RealPlayer 8 6.0.9.450
Resume Maker Deluxe 2001
Resume Maker Deluxe 7.0
Resumes Quick and Easy 4.0
Return of Arcade
Riven
Rocky Mountain Trophy Hunter 3
Rugrats in Paris
Rugrats Totally Angelica Boredom Buster Program
Rune
SANDRA 2001
Scrabble 2
Shogun Total War
Sim City 2000
Sim Theme Park
Ski Resort Tycoon
Star Wars Episode 1 Racer
Star Wars The Phantom Menace
Stuart Little Big City Adventures 1.0
Test Drive Off-Road 1.0
The Grinch
The Mummy
The New Way Things Work
The Sims
The Sims Livin Large Expansion
The Wild Thornberrys Rambler
Tiger Woods PGA Tour 2000
Tiger Woods PGA Tour 2001
Tonka Space Station
Tony Hawks Pro Skater 2
Traitors Gate
Triple Play Baseball 2002
Ulead Photo Explorer Pro 7.0
Ultimate Hunt Challenge
Unreal
Unreal Tournament
VideoStudio 5
VideoWave 4
VMware
Wheel of Fortune 2nd Edition
Who Wants To Be A Millionaire 2nd Edition
Willmaker 8
WinOptimizer 2000
WInTune 98
WInTune 98 Direct 3D
WinWay 9.0
Works Suite 2001 Streets and Trips
Works Suite 2001/Picture It Publishing 2001
You Don't Know Jack 3
Zeus
Zip Magic 4.0
Zoo Tycoon
Zoo Tycoon: Dinosaur Digs
Zoo Tycoon: Marine Mania
Zoo Tycoon: Complete Collection
--
Press "Any" key to continue.
Hey, fuckhead, I couldn't give two fucks for any COLA gang, since no such
thing exists - except you and flatfish, with your heads up each other's
arses.
--
Kier
--
Kier
[snippety]
> And the Linux user doesn't have to run these fun apps as
> "administrator":
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;307091
Interesting that the majority of the titles seem to be entertainment
products, the kind you'd expect the kiddies or casual users to be
running - the ones that probably have the least chance to identify
possible threats among downloads, web pages and emails.
--
Time flies like an arrow, fruit flies like a banana. Perth ---> *
15:40:09 up 22 days, 13:21, 3 users, load average: 0.05, 0.09, 0.09
Linux 2.6.18.1 x86_64 GNU/Linux Registered Linux user #261729
The Gang of Two <grin>
--
Kier
Exactly....
That was why I posted "It's hard to argue with that post".
Me too me too!!
BTW, did you see the other thread where Hadron finally admitted he
deliberately posts stuff trying to annoy people. He was bragging about
how well it was working.
Sad thing is, he might be interesting, if he stopped being the arrogant
arsehole he currently is.
--
Kier
Exactly. Neither he nor flatfish are the slightest bit interested in
using Linux. Flatfish installed Linux like 5-10 years ago, couldn't
figure out how to use it, and went back to Windows and OS/X. Jealous of
other people who can use Linux, he frequently flies into a rage when
"trolls" like Kier and Mark Kent rub him the wrong way. He can't find
his way out of this newsgroup either, so he vents his frustration again
because of that too.
And when flatty did manage to install Linux, it was a stolen copy he
returned to the store for a refund, AFTER he made all these copies for
himself and his friends. We just haven't kicked him out yet, because
he's so fun to kick around. :-)
----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Nope. He knows very little about linux at all.
Just stopping being a twit does not make him any more interesting
Apart from that, he is a prick in the ubunto forum too
And it shows that he knows next to nothing about linux
But then, he is just a "kernel hacker" and "true linux advocate"
--
Cuiusvis hominis est errare, nullius nisi insipientis in errore
perseverare. [Cicero, Philippica 12, 2]
Wrong. So wrong its not funny. Proof?
> figure out how to use it, and went back to Windows and OS/X. Jealous
> of other people who can use Linux, he frequently flies into a rage
> when "trolls" like Kier and Mark Kent rub him the wrong way. He can't
> find his way out of this newsgroup either, so he vents his frustration
> again because of that too.
Rage? He normally shrugs and laughs at the lies.
>
> And when flatty did manage to install Linux, it was a stolen copy he
> returned to the store for a refund, AFTER he made all these copies for
> himself and his friends. We just haven't kicked him out yet, because
> he's so fun to kick around. :-)
"We". How sad.
Oh, I think he uses it, all right. That's why his constant rubbishing of
it, and the Linux community in general, is so stupid and hypocritical.
Without the efforts of the Linux devs and the community, Linux distros
wouldn't exist for him to get his pathetic jollies slamming.
Sure, there is dodgy Linux software, just like there is dodgy Windows and
Mac software. But the majority of apps I use are great.
>
> And when flatty did manage to install Linux, it was a stolen copy he
> returned to the store for a refund, AFTER he made all these copies for
> himself and his friends. We just haven't kicked him out yet, because
> he's so fun to kick around. :-)
And yet Linux users are supposed to be cheapskates. What a pustulant
pimple he is.
--
Kier
>> He's doing a "kier" : in other words currying favour with the COLA gang
>> by pretending Linux is better at something that Windows. Pity he made
>> such a pigs ear of it. Either that or, and is likely re-reading the
>> rubbish he wrote, it's just someone pulling the legs of the COLA zealots
>> to try and get a "me too".
>
>
> Hey, fuckhead, I couldn't give two fucks for any COLA gang, since no such
> thing exists - except you and flatfish, with your heads up each other's
> arses.
I thought you discouraged such flaming style posts in COLA. Maybe I am
thinking of someone else. I am not saying you should not defend yourself
when someone speaks poorly of you, just noting I *believe* you have warned
me against doing much the same.
--
€ It is OK to email yourself files and store them there for a few weeks
€ No legislation supercedes the Constitution (unless it amends it)
€ Apple's video format is not far from NTSC DVD and good enough for most
I wasn't talking about just application installation - I am talking
about application execution. So - without LOGGING OFF the workstation,
I can in most non-Win systems, su to root, install my app, exit the su,
and start using the app as a non-root user.
If I do not tread on lower TCP listening ports, I can even install
without the su.
-Gary
>BTW, did you see the other thread where Hadron finally admitted he
>deliberately posts stuff trying to annoy people
A troll doing that? Say it ain't so!
This Semmel guy is just spreading FUD possibly out of utter ignorance
but more likely because of stupidity.
> I wasn't talking about just application installation - I am talking
> about application execution. So - without LOGGING OFF the
> workstation, I can in most non-Win systems, su to root, install my
> app, exit the su, and start using the app as a non-root user.
>
> If I do not tread on lower TCP listening ports, I can even install
> without the su.
Eh? What have TCP low ports got to do with installing SW?
Yes, the Windows crowd is easy to spot. You can tell them by their
blinders. Usually, have little understanding of computers in general.
Once they gain some understanding, you usually see the wheels start to
move and light bulbs go off above their heads as they actually start
thinking about these machines and not just doing what they're told.
> > If I do not tread on lower TCP listening ports, I can even install
> > without the su.
>
> Eh? What have TCP low ports got to do with installing SW?
In Linux and Unix you cannot listen on ports lower than 1024 as a
non-root user. See http://www.iana.org/assignments/port-numbers. I
don't know who IANA is or what they have to do with networking in
general ;-)
In Windows, you practically can't do diddly shee-ite as a
non-Administrator user - in a server manner of speaking.
-Gary
File systems permissions allowing, of course. :-) In any
event "logging off" on Linux is a slightly funny concept,
mostly because one can have multiple logins on each of the
virtual consoles. However, it's otherwise straight Unix --
and many Unixes nowadays support multiple virtual consoles
as well.
In Linux one can also run multiple X servers, video RAM
and system RAM permitting. One could in principle run
two of them, one logged in as user, one logged in as root,
and switch between them using CTRL-ALT-F7 and CTRL-ALT-F8
(on most configs).
Gentoo/Gnome has a nested login capability as well.
Basically, this fires up an Xnest with a gdm, which then
prompts the user to log in. The effect is a window into
another virtual display, which is effectively another
workspace as far as visual issues are concerned -- but one
can also use DISPLAY=:1 some-x-based-tool if authorization
permits as well.
--
#191, ewi...@earthlink.net
Windows Vista. Because a BSOD is just so 20th century; why not
try our new color changing variant?
--
Posted via a free Usenet account from http://www.teranews.com
"Linonut" <lin...@bone.com> wrote in message
news:-uWdnd7KC44coO3Y...@comcast.com...
> After takin' a swig o' grog, Ian Semmel belched out this bit o' wisdom:
>
>>> Most Windows users must run as Administrator in order for apps to
>>> install and work.
>>
>> Most Linux users must run as Administrator in order for apps to
>> install and work.
>
> No. You can install a user-land app in your own ~/bin directory if you
> want.
>
> And no, the Linux user is /not/ running as root (or, as what you so
> quaintly call it, "Administrator"). The Linux user is running only the
> installer (or the console window) as root.
Well "Enter your password to perform administrative tasks" (Ubuntu) seems
fairly close. If you know this password you can do what you want.
>
> And the Linux user doesn't have to run these fun apps as
> "administrator":
Who cares ? You don't need to be administrator to run "fun apps" in windows
either.
In both windows and linux, we have to make a distinction between a desktop
operated by a home user and a workstation in a corporate environment.
In the home user case, the normal thing would be that the user has access to
administrative tasks and needs the ability to do anything with the computer.
Having to log on as administrator (even temprarily) is a pain.
In the corporate case, you normally wouldn't want users to be able install
anything, including "fun apps".
I know but what do TCP low ports have to do with installing SW?
> In Windows, you practically can't do diddly shee-ite as a
> non-Administrator user - in a server manner of speaking.
Windows is insecure by design. No more need be said about it.
On Fri, 01 Dec 2006 13:26:47 +0000, Ian Semmel wrote:
>> Most Windows users must run as Administrator in order for apps to
>> install and work.
>
> Most Linux users must run as Administrator in order for apps to install
> and work.
Shows what you know.
sudo apt-get install appfoo
Imagine that. Running _as a user_, I can install appfoo. No need for me
to become root whatosever.
Hell, even Windows has a "runas" command, which does similar things. Only
thing is, most Windows users don't need it - they're already running as
Administrators.
>> After install, you can block root from logging in via the console, SSH,
>> or Telnet and still have an easily manageable system
Actually, if you use Ubuntu, you can't log in as root _at all_ by default;
there's no root password to authenticate with. Not via ssh, not from the
console, not from telnet.
Closest you can come is to log in as yourself then do an sudo bash to get
a command prompt running with elevated privileges. However, this is both
risky and unnecessary. If you use one sudo command, sudo will remember
your password for the session (or until its timer expires) in which case
you can issue further sudo commands without re-entering the password.
Only annoyance is that the GUI doesn't have a similar option. On some
distros - and even older versions of KUbuntu, IIRC - there was a checkbox
to say "keep password". Doesn't seem to want to show up on my setup. A
minor issue at most.
On Fri, 01 Dec 2006 08:34:41 -0600, Linonut wrote:
> Microsoft Flight Simulator 98
> Microsoft Flight Simulator 2000
> Microsoft Flight Simulator 2002 Professional Microsoft Flight Simulator
> 2004 Century of Flight Microsoft Train Simulator 1.x
> Microsoft Money 2000
> Microsoft Money 2001
> Microsoft Money 2002
> Microsoft Money 2003
> MSN Messenger Service
Am I the only one who finds it amusing that even MS can't write software
that works properly with their *own* security model?
>> Most Linux users must run as Administrator in order for apps to install
>> and work.
>
>Shows what you know.
>
>sudo apt-get install appfoo
>
>Imagine that. Running _as a user_, I can install appfoo. No need for me
>to become root whatosever.
>
>Hell, even Windows has a "runas" command, which does similar things.
But doesn't work worth a shit.
Well, that comes naturally when running windows
--
Machine-Independent, adj.:
Does not run on any existing machine.
I tried it once. I was rapidly cured :-)
My Nokia 770 doesn't need to run as root for installing packages,
neither does my lad's OSX machine. This is a Windows thing.
--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
People humiliating a salami!
On Fri, 01 Dec 2006 15:20:07 -0600, chrisv wrote:
>>Hell, even Windows has a "runas" command, which does similar things.
>
> But doesn't work worth a shit.
You're talking about Windows - what *does*? :)
Outlook Express - also known as the Microsoft Virus Deployment System.
Bundled free with every copy. Yeesh.
On Fri, 01 Dec 2006 20:13:01 +0000, Ian Semmel wrote:
>> And no, the Linux user is /not/ running as root (or, as what you so
>> quaintly call it, "Administrator"). The Linux user is running only the
>> installer (or the console window) as root.
>
> Well "Enter your password to perform administrative tasks" (Ubuntu) seems
> fairly close. If you know this password you can do what you want.
That executes a single thing - package manager, say - with elevated
privileges. It does not make the user run as root, as can easily be
demonstrated: run the package manager, enter the password. Fire up a
file manager, try to delete something you don't have privileges to.
Voila.
Running _an app_ with elevated privileges, rather than becoming root, is
much, much safer, yet gives you the flexibility to do things you need to
do.
>> And the Linux user doesn't have to run these fun apps as
>> "administrator":
>
> Who cares ? You don't need to be administrator to run "fun apps" in
> windows either.
Actually, the point to the list was that you *do* need to run them that
way, or they encounter problems. Even some of MS's own apps have this
issue.
> In both windows and linux, we have to make a distinction between a desktop
> operated by a home user and a workstation in a corporate environment.
No, we don't. I use 'em in both. In both, I run with a _user_ account.
In both, if I need to do something systemic, I use sudo to run that app.
They work *exactly the same way*. At least in Linux.
> In the home user case, the normal thing would be that the user has access
> to administrative tasks
Only in Windows, because Windows is retarded when it comes to security.
In Linux, the user runs _as a user_ and it works just fine. If he needs
access to a system-level function, there's sudo.
Don't confuse the fact that most Windows users _do_ run as Admin with an
argument that they _should_. It's not. It is simply a side-effect of
Windows being retarded about security.
> and needs the ability to do anything with the
> computer. Having to log on as administrator (even temprarily) is a pain.
Who the hell logs in as root to do admin-level things? I sure don't.
Completely unnecessary. I have the option to run those things, with admin
privileges, if I want, but except for system-level stuff, I don't need to.
One of the perks of getting this sort of thing right is that apps _work_
when run in a user (rather than admin) context and it is *easy* to access
the admin-level stuff when you need to.
If this is a pain to do in Windows, it's because Windows can't do
something so basic, so simple, without screwing it up. Talk to MS, get
them to fix it. Linux manages this stuff simply and effectively.
> In the corporate case, you normally wouldn't want users to be able
> install anything, including "fun apps".
In the corporate case, they wouldn't have - or need - the root password,
or they wouldn't belong to the "wheel" group, etc. Yet they can run all
their apps just fine.
> The Condor <K...@SPAM.com> writes:
>
>> When you in Windows Explorer tries to copy and move files, your
>> fingers are prone to slip, and thus dropping files in wrong
>> folders and therefore rendering the filestructure completly
>> unuseable for Windows
>>
>> On the other hand we have Linux, where cp and rm and mv makes
>> infallible tools for the security oriented systemadmin
>
> And a finger slip is much more deadly. Well done.
So, you "finger slip" and have to restore from backups. Big deal. Next time
you'll check your root commands before executing.
--
Regards,
Gregory.
"Ding-a-ding-dang,My Dang-a-long ling-long"
Well look at the bright side....um....ermm.....ah...never mind. :-)
As for the subject:
[1] Easy: Linux distros are easy enough, for those who
care to learn. Sure there are differences from Windows.
It's not Windows. But it's not hard, either, though
some distros are more straightforward than others.
[2] Secure: About as secure as one might expect, and
certainly easier to secure than Windows, if only because
by default it doesn't allow anything so one has to *add*
permissions rather than subtract them, for the most part.
Of course true security is not something that can be
accomplished by a single product; one must supplement it
with procedures. For example, the most secure system won't
do a thing for the user if the user uses the password ''.
Fortunately, GUI-based Linux installations generally prompt
the user for two accounts and two passwords (at least,
AFAIK; certainly Debian does).
[3] User-oriented: I have *no* idea what this means,
precisely. At best, Linux is differently-oriented, but
characterizing its orientation (I'm assuming here that
"orientation" = "general focus" or "easiest to do" in some
form) may depend on the application.
--
#191, ewi...@earthlink.net
/dev/brain: Permission denied
On Fri, 1 Dec 2006 21:14:47 +0100,
Roy Culley <mr...@spamme.zz> wrote:
> begin risky.vbs
> <1165003188.5...@n67g2000cwd.googlegroups.com>,
> "Wayne McClaine" <gary.g...@gmail.com> writes:
>> Roy Culley wrote:
>>
>>> Eh? What have TCP low ports got to do with installing SW?
>>
>> In Linux and Unix you cannot listen on ports lower than 1024 as a
>> non-root user. See http://www.iana.org/assignments/port-numbers. I
>> don't know who IANA is or what they have to do with networking in
>> general ;-)
>
> I know but what do TCP low ports have to do with installing SW?
>
well, you can install apache as a non-root user, but if it's configured
to listen on <1025 then it won't startup as a non-root user. The install
may even fail if it does a configcheck as part of the install. (or if it
starts up apache as part of the install)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFcLiXd90bcYOAWPYRAhf3AJ9wEWOZv+Itx2HbFS2lO9bGVnLdggCgis8Q
TAL5+K6giDaYDWN9Ltrxgqk=
=FSyI
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
What this world needs is a good five-dollar plasma weapon.
Aye lad, but what has that got to do with installing SW and low ports?
What is it about 'lower TCP listening ports' and 'su'? None that I
know of.
> Well "Enter your password to perform administrative tasks" (Ubuntu) seems
> fairly close. If you know this password you can do what you want.
No shit, Sherlock.
> Who cares ? You don't need to be administrator to run "fun apps" in windows
> either.
The admittedly old Microsoft link I showed you hints otherwise.
> In the home user case, the normal thing would be that the user has access to
> administrative tasks and needs the ability to do anything with the computer.
> Having to log on as administrator (even temprarily) is a pain.
Sure it is, at first. Why take the risk of running network apps as
root, however. That's just plain dumb.
But, if you really wanted to, you can have the installer or root console
on at all times, minimized.
> In the corporate case, you normally wouldn't want users to be able install
> anything, including "fun apps".
Agreed.
--
I'd rather have a bottle in front of me
than a frontal lobotomy.
On Sat, 2 Dec 2006 01:23:58 +0100,
Roy Culley <mr...@spamme.zz> wrote:
> begin risky.vbs
> <ntp644-...@dragon.myth>,
> Jim Richardson <war...@eskimo.com> writes:
>> On Fri, 1 Dec 2006 21:14:47 +0100,
>> Roy Culley <mr...@spamme.zz> wrote:
>>> begin risky.vbs
>>> <1165003188.5...@n67g2000cwd.googlegroups.com>,
>>> "Wayne McClaine" <gary.g...@gmail.com> writes:
>>>> Roy Culley wrote:
>>>>
>>>>> Eh? What have TCP low ports got to do with installing SW?
>>>>
>>>> In Linux and Unix you cannot listen on ports lower than 1024 as a
>>>> non-root user. See http://www.iana.org/assignments/port-numbers. I
>>>> don't know who IANA is or what they have to do with networking in
>>>> general ;-)
>>>
>>> I know but what do TCP low ports have to do with installing SW?
>>
>> well, you can install apache as a non-root user, but if it's
>> configured to listen on <1025 then it won't startup as a non-root
>> user. The install may even fail if it does a configcheck as part of
>> the install. (or if it starts up apache as part of the install)
>
> Aye lad, but what has that got to do with installing SW and low ports?
> What is it about 'lower TCP listening ports' and 'su'? None that I
> know of.
You can't bind to a <1025port without root privs. That's why bind et
all, start off as root, and drop privs after binding to the port. This
was a cause of quite a few of the *nix vulnerabilities in the past.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFcRB/d90bcYOAWPYRAg2mAJ9xjEZOx56O2AkswxRZB1vNKFx6LQCg2ugA
c653yCp2oe15PojOguD8Aus=
=qc7f
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
"Hacking's just another word for nothing left to kludge." - Anon.
on Ubuntu, at least as of 6.10, don't recall if it worked this way
earlier, gksudo will remember the passwd for the std sudo duration. Call gksudo within the timeout period, and it doesn't prompt for a passwd.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFcQ+8d90bcYOAWPYRApUVAKCZILaALUoUiNrNscdltfPvcsdQXACeOwmt
ijZv3B30y6mo8MpAGriSNls=
=56o6
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
Disclaimer: Elvis would agree with me, but he's got dirt in his mouth.
> Hadron Quark wrote:
>
>> The Condor <K...@SPAM.com> writes:
>>
>>> When you in Windows Explorer tries to copy and move files, your
>>> fingers are prone to slip, and thus dropping files in wrong
>>> folders and therefore rendering the filestructure completly
>>> unuseable for Windows
>>>
>>> On the other hand we have Linux, where cp and rm and mv makes
>>> infallible tools for the security oriented systemadmin
>>
>> And a finger slip is much more deadly. Well done.
>
> So, you "finger slip" and have to restore from backups. Big deal. Next time
> you'll check your root commands before executing.
Thanks for those words of wisdom Greg.
"backup" : and you heard it here first.
> "Kier" <val...@tiscali.co.uk> stated in post
> pan.2006.12.01....@tiscali.co.uk on 12/1/06 7:48 AM:
>
>>> He's doing a "kier" : in other words currying favour with the COLA gang
>>> by pretending Linux is better at something that Windows. Pity he made
>>> such a pigs ear of it. Either that or, and is likely re-reading the
>>> rubbish he wrote, it's just someone pulling the legs of the COLA zealots
>>> to try and get a "me too".
>>
>>
>> Hey, fuckhead, I couldn't give two fucks for any COLA gang, since no such
>> thing exists - except you and flatfish, with your heads up each other's
>> arses.
>
> I thought you discouraged such flaming style posts in COLA. Maybe I am
> thinking of someone else. I am not saying you should not defend yourself
> when someone speaks poorly of you, just noting I *believe* you have warned
> me against doing much the same.
Sad isn't it?
Kier constantly tells people off, but occasionally he loses the rails
and his language is like a boxcar hobo that hasnt had a swig of petrol
for an hour. It says a lot.
On Fri, 01 Dec 2006 21:31:40 -0800, Jim Richardson wrote:
> on Ubuntu, at least as of 6.10, don't recall if it worked this way
> earlier, gksudo...
I'm guessing gksudo is a Gnome thing. The KDE equivalent on other distros
handles this, but not, apparently, the one for (K)Ubuntu.
Too weird.
I think it's handeled in gnome-keyring. Suspect kwallet could be used
for much the same purpose.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFcT0Wd90bcYOAWPYRAkvqAJ0XSpPJPRmBA0fKPtNCb7u69PjlmwCfdr5+
HDnrEZ9q6RkqXaxorVmRJbg=
=CG1c
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
Dash Dash Space
> Snit <SN...@CABLEONE.NET.lNVALID> writes:
>
>> "Kier" <val...@tiscali.co.uk> stated in post
>> pan.2006.12.01....@tiscali.co.uk on 12/1/06 7:48 AM:
>>
>>>> He's doing a "kier" : in other words currying favour with the COLA gang
>>>> by pretending Linux is better at something that Windows. Pity he made
>>>> such a pigs ear of it. Either that or, and is likely re-reading the
>>>> rubbish he wrote, it's just someone pulling the legs of the COLA zealots
>>>> to try and get a "me too".
>>>
>>>
>>> Hey, fuckhead, I couldn't give two fucks for any COLA gang, since no such
>>> thing exists - except you and flatfish, with your heads up each other's
>>> arses.
>>
>> I thought you discouraged such flaming style posts in COLA. Maybe I am
>> thinking of someone else. I am not saying you should not defend yourself
>> when someone speaks poorly of you, just noting I *believe* you have warned
>> me against doing much the same.
>
> Sad isn't it?
I'll tell you what's sad, boyo. That you think you're superior to everyone
here.
>
> Kier constantly tells people off, but occasionally he loses the rails
> and his language is like a boxcar hobo that hasnt had a swig of petrol
> for an hour. It says a lot.
Twerps like you nd flatfish don't deserve politeness. You will look hard
and long before you find a post where I've used such language to Snit.
--
Kier
Grief, I must be really thick or something. What have TCP low ports and
installing SW got to do with each other? That was my question. Do you
need to run a service on a low port to install SW under Linux? That's
news to me.
I think this has been a standard sudo configurable feature for many
years. You can specifiy how long before you need to re-enter the
password. Works that way on kubuntu although the default timeout is a
little short IMHO.
I shan't take a side in your debate with Flatfish, but I will note he has
been reasonable and kind in my talks with him, even when we have disagreed.
--
€ Different version numbers refer to different versions
€ Macs are Macs and Apple is still making and selling Macs
€ The early IBM PCs and Commodores shipped with an OS in ROM
On Sat, 2 Dec 2006 17:20:12 +0100,
No, but if you install something, as non-root, and the install attempts
to bind to a low port as part of the setup (thing apache's configtest)
or the service attempts to start up as part of the install, it will fail
to do so. Further, since most daemons of this nature put something into
/etc/init.d even if you relocate the /usr portion, that part will fail.
It's not that you *can't* install such packages as non-root, just that
you'll have to take a couple extra steps for it to work. Most
non-daemon apps aren't this finicky, so installing something like gimp,
or wine, are a different ball of wax. But for stuff that expects to bind
to a low port, you'll need to take the extra steps.
I can't make it any plainer than that, sorry.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFcew3d90bcYOAWPYRAotNAJoDKeNRzfPG7sEMmeNlWpFgq0rMVgCgkE6x
WmO6G1JaE0flISiOJUCB+cA=
=Zrtk
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
Words fail me. Thank goodness I can make gestures.
-- Mark Hughes (in asr - 2001
Kier has problems understanding that most of us dont give a toss about
his pathetic, whining and net nannying. He's like an 8 year old "elder
sister" : constantly telling people off and prancing around thinking
he's mummy. The day he advocates Linux will be a surprise for all.
> Kier has problems understanding that most of us dont give a toss about
> his pathetic, whining and net nannying. He's like an 8 year old "elder
> sister" : constantly telling people off and prancing around thinking
> he's mummy. The day he advocates Linux will be a surprise for all.
You have problems understanding I don't give a toss for what you think,
and yes, I do advocate Linux, far more than I've seen you do. In fact, I
posted some advocacy today, on the topic of multimedia.
--
Kier
Kier has been kind and reasonable in his talks with me. I have no argument
with him.
--
€ The tilde in an OS X path does *not* mean "the hard drive only"
€ Things which are not the same are not "identical"
€ The word "ouch" is not a sure sign of agreement.
Look Jim, installing SW has now't do to with low ports. That was the
point I was trying to make. Your apache's configtest, never noticed
that beast myself, simply shows that you must be root to run it. Most
SW installs require you to be root. Care to give another example of a
SW install requiring a bind to a low port? I know of none for actual
SW install. Starting the SW is something else. I'm referring to SW
installation only.
--
I've asked time and time again for people to prove that I primarily spout
FUD. - Funkenbusch, Sat, 2 Dec 2006
On Tue, 5 Dec 2006 01:57:19 +0100,
if all you are concerned with is installing, and you install to no
privilieged lcoations, require changes to no privileged files, and don't
have a post install script that will barf on non-UID0 installs, then
duh, you don't need root to install. Which is kindof the point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFdNsid90bcYOAWPYRArT0AKCj95wrLt2mwJQ4J5DnnX2igWlQ3QCgxs5K
XSR+FPiDNrV85Kvdj14EguA=
=J6dr
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
The United States of America: Screwing with the
English Language for over 200 years.
--Mike Sphar