Gregory Maxwell wrote:
> I don't understand what the purpose of having a user_immutable. Immutable
> was put in as some kind of fix for morons who can't comprehend the -f flag
> and it's consiquences. It's there as part of a system lockdown function.
Not all morons are created equal. Some can spell. Your argument immediately loses
it's value when you lower yourself. If you worked in a security profession, you
would understand the value of layered access.
> If a user doesn't want to delete his files he can remove the w bit, if he
> is -f ing hten it's his own damn problem, and if apps are doing it for him
> then there are some broken apps. This is no reason to add cruft to the
> kernel, and the filesystems.
>
> Almost no one uses immutable as is anyways.
Sorry, I use it extensively for myself and clients. It is a very valuable security
option.
As I brought up in an earlier email, virtual sites have a -user- managing them, they
don't have root priviledges and won't get them. They should however have the
resources at hand to prevent their users' scripts or whatnot underneath them from
harming their data. Linux supports root or !root users. Linux doesn't have varying
levels of access. Group permissions again is not sufficient for varying levels of
access.
The only difference between Linux and Win9x is Linux has uid 0 and non uid 0. Win9x
doesn't have that distinction. A two layer access plan simply isn't sufficient for
everything. Incorporating immutable and user-immutable capabilities with a
'securelevel' capability is VERY desirable. If you don't want it, you don't have to
use it, but as evidenced here, people do want it.
-d
-- "The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' - the pig was 'committed'."
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 21:00:07 EST