
Re: Debian Jr. -- How are we doing?



On Mon, Jul 29, 2002 at 10:18:38AM +0200, Andreas Tille wrote:
> (Sorry for crossposting to debian-med - but I just want to make sure that
>  people in this list will be informed ...)

I'm only on debian-med.  Cc me if you take it back to -jr.

> On Fri, 26 Jul 2002, Ben Armstrong wrote:
> > I'm becoming more of the opinion that we're trying to solve two problems at
> > once here, and that we should therefore carefully divide the two problems
> > and define the interaction between.
> You are right here.
> 
> > The first is to provide the admin with a way to enforce in their security
> > policy access to a certain pool of resources with the group.  The precedent
> > in Debian is "games".

No, games is not used in this way.  The games group exists so that
games may run set-group-ID to games, to protect high-score files
(see policy 12.11).  Since games are world-executable (like most
other programs), all users can run games; adding users to the games
group would only allow them to manipulate high scores.

Whether you can use Unix groups to achieve your security goals
depends on exactly what you're trying to accomplish.  Unix groups
have serious limitations.  For example, if you want to prevent
children from running programs outside of some set, you would have
to put all non-children in a non-children group, then arrange for
every executable that children should not run to be owned by, and
only executable by, the non-children group.  Obviously impractical.

Your only hope for "sandboxing" children is to give them limited
menus and hope they don't figure out how to do more, or use
something more sophisticated like a chroot jail or some security
extension.

> Sam provided some reasons for schools where I would be happy to let all
> pupils be in a group junior or whatever which is not allowed to use some
> certain programs.  This would really make sense in my opinion.  Moreover
> this is a needed feature for Debian-Med.  There are applications which are
> only allowed for med users. (Think of some confident databases ...)

It might be (needed), but I doubt it.  I bet that each program in
Debian-Med will have its own ideas on access control, and they will
be more fine-grained than Unix groups.  Imagine you had a med group.
Do you want all members of that group--nurses, doctors,
administrators, etc--to have access to all confidential databases?
Of course not.  You could try to define more groups, but I'm pretty
sure that it will have to be application- or at least site-specific
in the end.

So I would forget about trying to manage access via groups on a
Debian-Med-wide basis, at least for now.

Andrew
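
The group-permission behaviour discussed in the message above, as an added example that is not part of the original message: a Python model of the classic Unix execute check for a non-root user, run over a constructed file listing. The uids, gids, paths and the "adults" and "junior" groups are hypothetical.

```python
import stat


def may_execute(mode, file_uid, file_gid, uid, gids):
    """Classic Unix permission check for a non-root user.

    Exactly one class applies: owner if the uid matches, else group if the
    file's gid is among the user's groups, else other. No fall-through.
    """
    if uid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


# Constructed sample listing: (path, mode, owner uid, group gid).
ROOT, GAMES, ADULTS, JUNIOR = 0, 60, 2000, 2001  # hypothetical ids
LISTING = [
    ("/usr/games/example-game", 0o2755, ROOT, GAMES),   # set-group-ID games, world-executable
    ("/usr/bin/example-editor", 0o0755, ROOT, ROOT),    # typical packaged program
    ("/usr/bin/example-locked", 0o0750, ROOT, ADULTS),  # re-owned and closed to "other"
]


def runnable(uid, gids, listing=LISTING):
    """Paths the given user can execute."""
    return [p for p, mode, fu, fg in listing if may_execute(mode, fu, fg, uid, gids)]


def needs_change(listing=LISTING):
    """World-executable files: each would need new ownership and mode
    before group membership could keep anyone from running it."""
    return [p for p, mode, _, _ in listing if mode & stat.S_IXOTH]


if __name__ == "__main__":
    child = 1001  # hypothetical uid
    print("child in junior:        ", runnable(child, {JUNIOR}))
    print("child in junior + games:", runnable(child, {JUNIOR, GAMES}))
    print("adult in adults:        ", runnable(1000, {ADULTS}))
    print("files to re-own/re-mode:", needs_change())
```

Membership in games does not change what the child can run, and only the file that was re-owned and closed to "other" is out of reach.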

