Date: Fri, 15 Nov 2002 11:25:25 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.ORG> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: Soeren Schmidt <sos@spider.deepcore.dk>, freebsd-current@FreeBSD.ORG Subject: Re: /dev/acd*t* no longer available in -current? Message-ID: <Pine.NEB.3.96L.1021115112338.10878E-100000@fledge.watson.org> In-Reply-To: <20021115091313.GK76728@starjuice.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 15 Nov 2002, Sheldon Hearn wrote: > On (2002/11/15 09:48), Soeren Schmidt wrote: > > > > Don't you think it makes more sense for the kernel to start off with > > > more restrictive permissions, and have the administrator determine > > > whether more restrictive permissions are appropriate? > > > > Actually no I dont. > > The security aware admin will know (or should that be "should know" :) ) > > what to do to make a system secure. > > The avarage user that uses FreeBSD dont, and will get confused if the CDROM > > device doesn't appear to work (ie writeprotected). > > Well I think this goes against the grain of much of the work that's > happened recently. > > Look at how sysinstall now defaults to installing an inetd.conf with no > services enabled. Look at how sshd doesn't allow root login or empty > passwords by default. Look at how IPFW defaults to deny all. Look at > how the floppy drive is inaccessible to anyone but root by default. And > so on and so forth. So one thing we could start doing is have sysinstall's adduser stuff offer to place new users in the operator group, and set up the default permissions on removable devices such that the operator group has read/write access to them (or even just read-access). This would be logically equivilent to placing users in an admin group at instlal on Windows or Mac OS X. Operator access connotes the ability to shut down the system in FreeBSD, as well as the ability to dump file systems, etc. Another possibility would be to evolve our notion of console user based on fbtab some for workstation configurations. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1021115112338.10878E-100000>