Re: Open then gates

To: debian-devel@lists.debian.org
Subject: Re: Open then gates
From: "Bernhard R. Link" <brlink@debian.org>
Date: Sat, 15 May 2010 13:22:02 +0200
Message-id: <[🔎] 20100515112202.GA21363@pcpool00.mathematik.uni-freiburg.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 1273920810.3180.75.camel@fermat.scientia.net>
References: <20091123233240.GB3498@rivendell> <20091124014626.GD29774@kunpuu.plessy.org> <20091124025256.GA11308@gnu.kitenet.net> <20091124071717.GD9409@rivendell> <87ocmqnghe.fsf@windlord.stanford.edu> <[🔎] 1273881425.31170.28.camel@fermat.scientia.net> <[🔎] 87wrv6vx2y.fsf@windlord.stanford.edu> <[🔎] 1273884940.31170.81.camel@fermat.scientia.net> <[🔎] 87sk5tzqmb.fsf@windlord.stanford.edu> <[🔎] 1273920810.3180.75.camel@fermat.scientia.net>

* Christoph Anton Mitterer <calestyo@scientia.net> [100515 12:53]:
> > If regular users can add other people to groups on your system, you have
> > way more serious security problems than user-private groups, and those
> > security problems are not created by Debian.
> Of course I talk about having this done by root.
> It seems you do not have experience with systems with several thousands
> of users, do you?
> If I'm e.g. a root user at my university, or an empowered registration
> authority for CERN,... I really cannot check whether what my users ask
> is sane.
> If user B says, please add user A to my group... I'll do it as long as
> no system user/group is involved.

Sorry, adding one user to the group of another is almost as stupid as
adding a script in /etc/cron.daily writeable by some user.

> > But that's your misconfiguration, not
> > something Debian did.
> Honestly,... real world is different... see my example above in big
> organisations, consider the fact that users have typically no idea what
> they doing...

Especially in large organisations all that "umask 022" is an extreme
pain. Finally having a sane default umask will help things here, though
I fear there are still enough other programs hardcoding 022 as if there
still were the 80ties of the last century...

Having a sane working configuration in which things that should work
work and things that should not work do not work is the best security.
Especially in large installations just having everything work and people
can just collaborate and write to the project directories and what
people write into project directories is project-writeable is the best
security: Remember that not-tech-savy users also do not know how to
properly give permissions. So if you lock things down more than needed,
all you get is people doing chmod 777 file, because that is what
obviously works...

Hochachtungsvoll,
	Bernhard R. Link

Reply to:

Follow-Ups:
- Re: Open then gates
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Re: Open then gates (was: UPG and the default umask)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Open then gates
  - From: Russ Allbery <rra@debian.org>
- Re: Open then gates
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Open then gates
  - From: Russ Allbery <rra@debian.org>
- Re: Open then gates
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Bug#581729: [SQUEEZE] Document the umask change for new installs
Next by Date: Re: Bug#581434: UPG and the default umask
Previous by thread: Re: Open then gates
Next by thread: Re: Open then gates
Index(es):
- Date
- Thread