Re: Rational for debian group accounts
Hi,
>>"Jean" == Jean Pierre LeJacq <jplejacq@quoininc.com> writes:
Jean> They claim it requires constant intervention by the system
Jean> administrator to add/remove users from the many groups this
Jean> approach introduces.
Hmm. This seems quite specious. The only reason to add people
to groups is because there is a desirable group based access
required; the sysadmin would still have to add people to this special
group manually.
Moreever, dumping everyone into a large catch-all grroup (as
large numbers of Unix shops do) is worse from a security standpoint:
since everyone is in this group, adding group access to any object is
the same as making the object wide open, though it may give a false
sense of security if you think the object os not world accessible.
Also, why are people being added to many groups? (ignoring the
fact that in traditional methods you still need the manual handling
for all but one groups anyway).
Am I missing something?
manoj
--
What we anticipate seldom occurs; what we least expect generally
happens. Bengamin Disraeli
Manoj Srivastava <url:mailto:srivasta@acm.org>
Mobile, Alabama USA <url:http://www.datasync.com/%7Esrivasta/>
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: