Has Microsoft lied about the Linux features? - Microsoft Windows

This is a discussion on Has Microsoft lied about the Linux features? - Microsoft Windows ; On Tue, 07 Oct 2003 22:58:50 +0200, Menno Willemse wrote: >Hello World, > >David Sutherland wrote: >> On Tue, 07 Oct 2003 09:45:10 +0200, Menno Willemse >> wrote: > > >> One simple example: At my firm all users desktops ...

+ Reply to Thread
Page 3 of 3 FirstFirst 1 2 3
Results 41 to 48 of 48

Thread: Has Microsoft lied about the Linux features?

  1. Re: Has Microsoft lied about the Linux features?

    On Tue, 07 Oct 2003 22:58:50 +0200, Menno Willemse
    wrote:

    >Hello World,
    >
    >David Sutherland wrote:
    >> On Tue, 07 Oct 2003 09:45:10 +0200, Menno Willemse
    >> wrote:
    > >
    >> One simple example: At my firm all users desktops are locked down,
    >> and their personal documents folders are network mounted. In
    >> addition to their personal files their are many terrabytes of shared
    >> folders which use ACL's to ensure user and group access privileges.

    >
    >Are there actually ACLs on those files that say "jane and bob can use
    >this file"? Or are they in a directory where the workgroup in question
    >has access?
    >


    For some of the individual files, yes - for the majority the
    permissions are directory level.

    Is that how you want to qualify your claim? If so, fine - but if you
    look at the replies to your statement and follow-ups it should be
    obvious that you haven't expressed yourself well.

    As you point out elsewhere: directories are files, too.


    >>>On noooo! I may be breaking a number of privacy laws! A deeply worried
    >>>look passes over my face.

    >>
    >> That you have said you do work for banks *and* don't care about
    >> privacy laws suggests that you have no business working for those
    >> clients.

    >
    >Pardon me for using sarcasm on those ill-equipped to deal with it.
    >


    There is no way to read your sentence without taking it to mean that
    you are dismissive of the subject. Even as sarcasm.

    >> How do you deal with shared folders?

    >
    >mkgroup happyfew # The folks who want to share files
    >mkdir /data/happyfew # Their place for doing so
    >chgrp happyfew /data/happyfew # Put the place under the group's ownership
    >chmod 770 /data/happyfew # Give only the owner and group all rights, none
    >chmod g+s /data/happyfew # Inherit group from directory
    >chgrp "users=bob,jane,henry" happyfew # Let in the users.
    >


    Now do it for the other 4,000 users. What *is* the limit on
    /etc/group line lengths, by the way?

    Also, your usage of chgrp is....unusual. What OS do you think this
    works in, cause I sure don't recognise it.

    >Then, Bob, Jane and Henry put their files in /data/happyfew and nobody
    >except them can access 'em. You can pull more fancy stuff and create
    >subdirectories where only the owner and their managers have rights. This
    >is directory-level/group-level security, which *is* in common use.
    >
    >> No - you'r original point was that "hardly anybody uses file-level
    >> security under Windows or Unix. "

    >
    >Hope the above clarifies what I meant.
    >


    It does.

    >> This is nonsense - every single organisation I have worked for has
    >> employed file permissions for both Unix and Windows. Every single
    >> one.

    >
    >Well pardon my loose wording then. What I meant to say is that people
    >generally don't fiddle with ACLs on individual files as it's basically
    >too much trouble to take.
    >
    >> This is in direct contradiction with your previous claim that "hardly
    >> anybody uses file-level security under Windows or Unix."
    >>
    >> Make up your mind! Are they using it or aren't they?

    >
    >You know, you *could* have asked what I meant. You *could* have read the
    >post that sparked off this whole tirade and found out what I was talking
    >about. Instead, you choose to come out at me, fangs bare and slavering,
    >claiming that I'm unfit for my job.


    How do you think your "sarcasm" reads? If you don't want to be
    believed then don't say it. Sheesh.

    >Someone with your obvious lack of
    >communicative abilities should not be allowed in any customer-facing
    >job.


    People who don't say what they mean tend not to get beyond temp worker
    jobs

    > Hope they keep you in a nice air-conditioned computer room and
    >leave the talking to others.
    >


    If only. My life would be a whole lot simpler.

    >Cheers/2,
    >Menno


    Regards,
    David Sutherland
    (note **ANTI-SPAM** in reply field)

  2. Re: Has Microsoft lied about the Linux features?

    Hello World,

    David Sutherland wrote:
    [Are ACLs on individual files?].
    > For some of the individual files, yes - for the majority the
    > permissions are directory level.
    >
    > Is that how you want to qualify your claim? If so, fine - but if you
    > look at the replies to your statement and follow-ups it should be
    > obvious that you haven't expressed yourself well.
    >
    > As you point out elsewhere: directories are files, too.


    The post you refer to where I say "A Unix directory can be opened and
    read just like a normal file but not written to" mentions a lot of
    differences between directories and normal files.

    If you wander up the message tree, you will find the message where I
    make exactly that distinction. Shall I rip it out the quotes and add
    them here? Well why not?

    [Start of history]
    > Foo@bar.com:
    > they're probably talking about setting permissions at the file level
    > for individuals- there's only world, group, and owner permissions.
    > if i wanted to give "bob" permission to my file, but nobody else
    > in bob's groups, there's no easy way to do this.
    >
    > Menno Willemse:
    > Well, IBM's AIX does allow you to set Access Control Lists. (And so, by
    > the way, does Warp Server). It is probably the least used feature, maybe
    > after file systems quotas. I don't know if Linux has this in the works,
    > but demand doesn't seem to be soaring.
    >
    > Foo:
    > I hope you're kidding about the above. The scenario described there
    > is commonplace in today's working world.
    >
    > Me again:
    > No I'm not. Hardly anybody uses file-level security under Windows or
    > Unix. The usual way people do it is to create a shared directory where
    > you put stuff that you want your colleagues to look at. The most common
    > method I've seen for file sharing among Windows users is to email them a
    > copy. Now inside databases is another story...

    [End of history]

    What we were actually talking about is handing out rights to individual
    users on individual files. This is rarely done as there's no need and
    only confuses matters. Sure it may happen once or twice. But do it often
    and you end up with a filetree where nobody can make heads or tails out
    of the security situation. Which, as you will agree hopefully, is a Bad
    Thing.

    Okay, so the remark about Outlook was a bit flippant. So sue me.

    Foo Bar had no problem understanding this.

    As it happens, what you *could* do under Unix is to put your cursed file
    in a protected directory, make it world-readable and give Bob a hard
    link to the file in one of *his* protected directories. I remember doing
    this at school. Bob can make copies of the file and do with them what he
    will and when I make changes, he can peel off a new copy.

    >>>>On noooo! I may be breaking a number of privacy laws! A deeply worried
    >>>>look passes over my face.
    >>>
    >>>That you have said you do work for banks *and* don't care about
    >>>privacy laws suggests that you have no business working for those
    >>>clients.

    >>
    >>Pardon me for using sarcasm on those ill-equipped to deal with it.

    >
    > There is no way to read your sentence without taking it to mean that
    > you are dismissive of the subject. Even as sarcasm.


    Oh Kay. Let's have a quiz. Consider this situation:

    Unix sysadmin sitting in his office reading morning reports. One of said
    reports shows big batch of world-read/writable confidential data.

    Q: What would be his or her first reaction?

    A1: "Oh well..."

    A2: "Omigod!!! Omigod!!! Multiple Privacy Laws being violated! Woe is
    me! Woe is us! The Department of Justice will rightly smite us with wild
    abandon!"

    A3: chmod -r 000 /data/private Okay. Now
    who is the whoreson that opened up all those files and who is his manager?

    Now let's hold this against the light of what you said:

    David Sutherland wrote:
    > My company has around 70,000 employees and we use file permissions
    > *everywhere*. If you are not then I can only assume that you have no
    > need for any kind of security, and that there is no concept of
    > confidential data in your workplace - in which case you are probably
    > breaking a number of privacy laws.


    You have suggested A1, and hinted at A2. Whereas A3 is the correct
    (bastardly) response to a major security event. You do not gibber about
    fookin' privacy laws, you lock up that thing and see what damage was
    done, maybe restore some files from backup and hope that not too much
    stuff leaked out before you noticed. Then, you LART the person who
    opened it up.

    You were being a poncy git with your 70,000 employees (I *know* that
    being in a big corp is nothing to be especially proud of). Your remark
    about file permissions was irrelevant as we were talking about
    individual-rights-on-individual-files and you *don't* use those
    everywhere and stay sane. I have already explained at great length what
    you can do for sharing files in a secure manner. Actually there IS a
    concept of confidential data in my company and a great many electrons
    have been spent on explaning just what they mean with that. And finally,
    we have many better reasons than any bloody law to keep our data under
    wraps.

    I was not being dismissive about security (%DEITY% forbid), but about
    your remarks. Which, given what was wrong with them, is hardly surprising.

    > Now do it for the other 4,000 users. What *is* the limit on
    > /etc/group line lengths, by the way?


    Four thousand and three users needing "exclusive" access to one
    directory? What's going on? I'd have to rename the group to happyLOTS,
    for a start.

    > Also, your usage of chgrp is....unusual. What OS do you think this
    > works in, cause I sure don't recognise it.


    Drats! My mistake. chgroup. AIX command to modify group attributes.
    chgroup "users=... Thank goodness for parameter checking.

    > People who don't say what they mean tend not to get beyond temp worker
    > jobs


    Well, lucky for me then innit?

    Cheers/2,
    Menno


  3. Re: Has Microsoft lied about the Linux features?

    Hello World,

    David Sutherland wrote:
    >
    >
    > You have the participants wrong. "Ed" made the original statement and
    > from what I can see "foo" took you as saying that file permissions *in
    > general* are not employed. That's what I read prior to responding.


    Which I then cleared up by reiterating the distinction I was making and
    the matter was settled. Except with you. This is because you are playing
    "Let's see how I can misunderstand this a little further". Which is a
    game I'm now, officially, bored with.

    Cheers/2,
    Menno


  4. Re: Has Microsoft lied about the Linux features?

    On Thu, 09 Oct 2003 09:27:22 +0200, Menno Willemse
    wrote:

    >Hello World,
    >
    >David Sutherland wrote:
    >>
    >>
    >> You have the participants wrong. "Ed" made the original statement and
    >> from what I can see "foo" took you as saying that file permissions *in
    >> general* are not employed. That's what I read prior to responding.

    >
    >Which I then cleared up by reiterating the distinction I was making and
    >the matter was settled. Except with you. This is because you are playing
    >"Let's see how I can misunderstand this a little further". Which is a
    >game I'm now, officially, bored with.
    >


    You didn't clear anything up - you just made it clear that your own
    understanding wasn't as perfect as you expect everyone else's to be.
    Next time try saying what you mean and things may go better.

    >Cheers/2,
    >Menno



    Regards,
    David Sutherland
    (note **ANTI-SPAM** in reply field)

  5. Re: Has Microsoft lied about the Linux features?

    Hello World,

    Barges into a conversation without even bothering to read what it's
    about, talks a load of bollocks, skips around subjects like a paper
    kite and then tells ME to behave.

    What a strange person.

    Cheers/2,
    Menno

  6. Re: Has Microsoft lied about the Linux features?

    On 9 Oct 2003 12:00:41 -0700, flexor@wanadoo.nl (Menno) wrote:

    >Hello World,
    >
    >Barges into a conversation without even bothering to read what it's
    >about, talks a load of bollocks, skips around subjects like a paper
    >kite and then tells ME to behave.
    >
    >What a strange person.
    >
    >Cheers/2,
    >Menno



    Wow, still posting after you said you were done with me. Are you
    ever going to say something and mean it?

    What a strange person


    Regards,
    David Sutherland
    (note **ANTI-SPAM** in reply field)

  7. Re: Has Microsoft lied about the Linux features?

    David Sutherland wrote:
    >
    > Wow, still posting after you said you were done with me. Are you
    > ever going to say something and mean it?


    Bored. Are you ever going to read someone's posts properly?

    And now I'll no longer bore the members of four advocacy groups with
    this anymore. Feel free to do so if you must.


  8. Re: Has Microsoft lied about the Linux features?

    On Fri, 10 Oct 2003 10:51:22 +0200, Menno Willemse
    wrote:

    >David Sutherland wrote:
    >>
    >> Wow, still posting after you said you were done with me. Are you
    >> ever going to say something and mean it?

    >
    >Bored. Are you ever going to read someone's posts properly?
    >
    >And now I'll no longer bore the members of four advocacy groups with
    >this anymore. Feel free to do so if you must.


    What was the point of posting the above other than to try and get the
    last word in? You are transparent.


    Regards,
    David Sutherland
    (note **ANTI-SPAM** in reply field)

+ Reply to Thread
Page 3 of 3 FirstFirst 1 2 3