Re: Permissions Required On hosts.allow ?
On Fri, 30 Aug 2002 18:16:45 -0700, Jamie Heilman wrote:
> .. There is no legitimate reason to jump through all these
>hoops just to hide your tcp wrappers configuration from your local
>users.
I come to the Land Of Unix from mainframes, where I used to earn my
crust. The mainframes had a tight security lockdown from out of the
box (or truck, as the case usually was of course :). I'm used to a
security stance of
"access-to-anything-is-denied-unless-explicitly-permitted", which I
feel is absolutely the right approach. I'm a bit taken aback by the
idea of allowing everybody to see everything by default (mask 022 ? -
has to be the wrong thing ..) I'm constantly looking for ways of
achieving the same discretionary access control stance in my personal
Unix box. Humour me ?
>If the requirements for your host dictate minimal access rights
>use an access control system thats been designed to achieve it
I'd be very interested to hear about any such options in the Linux
world. AFAIK, Linux ACL facilities are still experimental
(http://packages.debian.org/testing/admin/kernel-patch-acl.html)
Thanks for your commentary, which was welcome.
Nick Boyce
Bristol, UK
--
The last ~700 Kalahari Bushmen are being evicted from their
ancestral homeland by the Botswanan government *now*, so that
De Beers & Anglo-American can prospect for diamonds. The
Bushmen are having their water supply cut off ...
[11.Jan.2002]
Reply to: