Date: Thu, 1 Nov 2001 14:29:11 +0100 From: "Anthony Atkielski" <anthony@atkielski.com> To: "FreeBSD Questions" <freebsd-questions@freebsd.org> Subject: Re: Tiny starter configuration for FreeBSD Message-ID: <00db01c162d9$3272bc90$0a00000a@atkielski.com> References: <005a01c161ed$a19933c0$1401a8c0@tedm.placo.com> <5.1.0.14.2.20011101165340.02192a40@pop.ozemail.com.au> <005301c162bd$59ac2740$0a00000a@atkielski.com> <006e01c162bf$8c5d87e0$0b64a8c0@becca> <006b01c162c4$c6597cb0$0a00000a@atkielski.com> <20011101224321.H35710@k7.mavetju.org> <009601c162cd$70da3190$0a00000a@atkielski.com> <20011101135558.H70817@pcwin002.win.tue.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Stijn writes: > This functionality is not in the base OS as far as I know. It's built directly into the kernel. It is present in all versions of NT/2000, as part of the base OS. Security is very deeply embedded in Windows NT. Nothing runs without a security context. > ?! *that's* a login? you mean you can actually log > on to a Windows domain using http, using base OS > functionality? Yes. If you enable authentication on IIS and specify that it is Windows domain authentication, users will be logged into the domain when they connect to the Web server, as I recall. If they are already logged into the domain, this is transparent to the user. I used to use this on an Intranet based on Windows, to provide maximum security and transparency at the same time. Depending on who you were, you could see completely different versions of a Web site. > ... *and* do something useful? As useful as any Web application gets. There are administrative functions now that you can do from the Web, and these require domain login. > Why does it work so well in practice then? It doesn't. But if you never used a more flexible system, you might not notice. > I'd think we'd all gone to a 'better' model if > there was one ... Many organizations have ... it's one of the reasons for NT's success (security is one of the significant advantages of NT over UNIX). > ... tell you what, you can also grant privileges > in *nix on another level than 'root/non-root' > nowadays (think groups, sudo, countless other possibilities). Nope. None of these replaces the fundamental limitation of root = everything. > And that's why we need to give all users > administrator access because otherwise nobody > can install any software? No, you need to do that because you don't understand NT, or because the developers writing the software didn't understand NT, or designed their software poorly. > It's all possible - go read up on sudo(1) ... I already have, and it is nothing like the architecture I describe. sudo impersonates; but in NT, you actually execute as an individual user with specific privileges to do certain things. In fact, the NT architecture is far more elaborate than what you normally see exposed in the standard user interfaces. It is possible to control these things at a very fine level. These levels are not exposed because so few sites are interested in them, and they tend to be confusing to those who don't understand them. > ... yes things still run as root ... And that is the root of the problem, so to speak. As long as you have that constraint, you have a big potential security problem. > If you work with NT, you have to keep up with > the numerous vulnerability patches ... You have to do that with UNIX, too. > ... not to mention the resource runouts ... I haven't seen these, as a general rule, even on systems running for years. Resource exhaustion is usually an application problem. > I'd rather work with 'glaringly obvious limited > security' that has proven itself for about 30 > years already. Yes, your emotional attachment to UNIX is quite obvious. > Never been there. But somehow I also wonder; > if the concepts behind this system were so great, > why weren't they reimplemented somewhere? They were. Many operating systems owe a great deal to Multics. Even NT is partially inspired by Multics. UNIX postdates Multics, but it was intended to be a simpler system, easy to administer and use. Unfortunately, this meant cutting out most of the security features. > Yep, that's UNIX for you - and the first real argument > for someone to switch to an 'easier' OS, say Windows NT. It is sufficient in itself to justify the switch, for many organizations. There are other arguments, also, such as security and ease of administration (for unsophisticated sites). > I'd really love to know what things that would be. Running with an effective UID other than 0 and performing tasks restricted to root, for example. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00db01c162d9$3272bc90$0a00000a>