the power of being root

Magnus Therning magnus at therning.org
Thu May 19 06:40:11 UTC 2005


On Tue, May 17, 2005 at 02:28:53AM +0700, sn00bb0rn.linux gmail wrote:
>My question is, is that normal in the *nix world? I imagine how
>powerful a computer administrator of a company will be. He can read
>*all sensitive data* that is beyond his level. Please tell me, and point
>out where my understanding of this matter was wrong. Sorry for the
>improper English.

You have understood it perfectly, and also realised the dangers. Good!
Many people don't get that healthy feeling of fear when playing around
as root :-)

If you are interested in access control it might help you out to know
that what Unix has traditionally is called Discretionary Access Control
(DAC, permissions on objects are at the discretion of the owner). AFAIK
there is a root (sometimes called something else but still all-powerful)
in each OS with DAC. On Windows the equivalent of root is the
Administrator and the group of Administrators. (The group means that it's
possible to delegate root powers and make several users all-powerful.
Couple this with a poorly understood security model (ACLs) and you end up
in the scary situation where every user is an Administrator just to be
able to use the computer the way they want.)

"The other way" is Mandatory Access Control (MAC). There are several
systems that implement a MAC for Linux; SELinux is arguably the most
well-known. Others include LIDS, Umbrella, DTE for Linux. These are just
the ones I can remember right now, I'm sure there are many more.

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://magnus.therning.org/

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

Crypto is not mathematics, but crypto can be highly mathematical,
crypto can use mathematics, but good crypto can be done without a
great reliance on complex mathematics.
      -- W T Shaw
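
Added example, not part of the original message: a simplified Python model of the two access-control styles discussed above, showing that the classic DAC mode-bit check lets uid 0 through while a default-deny MAC policy layered on top does not. The type names, uids and policy table are constructed for illustration and are not SELinux's actual policy language or API.

```python
import stat
from types import SimpleNamespace

PERM_BITS = {"r": 4, "w": 2, "x": 1}

def dac_allows(st, uid, gids, want):
    """Classic Unix DAC decision for a regular file; `want` is a subset of "rwx"."""
    if uid == 0:
        # Superuser override: read/write are always granted. Execute still
        # needs at least one x bit set somewhere in the mode.
        return "x" not in want or bool(st.st_mode & 0o111)
    if uid == st.st_uid:
        shift = 6            # owner class
    elif st.st_gid in gids:
        shift = 3            # group class
    else:
        shift = 0            # other class
    need = sum(PERM_BITS[c] for c in want)
    return ((st.st_mode >> shift) & need) == need

# Constructed type-enforcement policy (hypothetical type names), default deny.
POLICY = {
    ("payroll_t", "salary_data_t"): {"r", "w"},
    ("sysadm_t", "etc_t"): {"r", "w"},
}

def mac_allows(subject_type, object_type, want):
    """MAC decision: the system policy decides, not the file owner or the uid."""
    return set(want) <= POLICY.get((subject_type, object_type), set())

def access(st, uid, gids, subject_type, object_type, want):
    # MAC is applied on top of DAC: both layers must allow the request.
    return dac_allows(st, uid, gids, want) and mac_allows(subject_type, object_type, want)

# Constructed sample object: a salary file owned by uid 1000, mode 0600.
SALARY = SimpleNamespace(st_mode=stat.S_IFREG | 0o600, st_uid=1000, st_gid=1000)

def demo():
    return {
        "dac_owner_read": dac_allows(SALARY, 1000, {1000}, "r"),
        "dac_other_read": dac_allows(SALARY, 1001, {1001}, "r"),
        "dac_root_read": dac_allows(SALARY, 0, {0}, "r"),
        "dac_root_exec": dac_allows(SALARY, 0, {0}, "x"),
        "mac_root_read": access(SALARY, 0, {0}, "sysadm_t", "salary_data_t", "r"),
        "mac_payroll_read": access(SALARY, 1000, {1000}, "payroll_t", "salary_data_t", "r"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```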
More information about the ubuntu-users mailing list