Linked by David Adams on Tue 22nd Jun 2010 16:14 UTC, submitted by sjvn
Privacy, Security, Encryption A Computerworld editorial takes note of some interesting changes Dell made to the Linux page we linked to last week. They watered down some of their pro-Linux claims, but not as far as you might think.
RE[2]: Inaccurate
by malxau on Wed 23rd Jun 2010 10:20 UTC in reply to "RE: Inaccurate"

Huh? Since when did multiple users, multiple groups per user and file privileges have to be retrofitted to Linux? Even ACLs are supported in most Linux/Unix systems, although you could argue that they have been retrofitted because the first filesystems might not have supported them. But your statement is about as false as the OP's statement that Windows is a single user system with everything else bolted on (actually that statement is probably more true, because it actually was true at some point, your statement not).

Multiple users was always native to UNIX/Linux. It was bad wording on my part if this was interpreted otherwise.

Multiple groups per user are a retrofit in AT&T Unix Version 6. I know this sounds prehistoric, but consider the consequences: each user has a 'primary' group, so multiple groups required the concept of a 'secondary' group. This distinction is important in many ways (see man newgrp for an example.) NT has no distinction: groups are arbitrary, users can belong to many or none. If a user is in many groups, none are special. In addition, privilege is determined by built-in groups, meaning that many users can be administrators; there is no equivalent to a single root user.

ACLs are now supported in UNIX/Linux, but again, this is a retrofit. Support was added in Linux kernel 2.5.46, and many distributions backported these to 2.4. They are rather foreign to UNIX, which was designed around chmod-style permissions. In NT, ACLs are the only security primitive used for files/registry etc. There is a chmod call in the C library on NT, but it is very different to UNIX as there is no primary group, so UNIX-style chmod would be meaningless.

When I said privilege, what I was referring to is not file permissions, but fine-grained control over different system calls. In NT, a group might have permission to (say) shut down the system; debug other users' processes; create paging files; create symbolic links; load drivers; lock physical memory; change the system time; perform system-wide backup or restore operations; or permission to open leaf files (if permission is granted) without requiring permission on all parent directories. There has been a push to retrofit a similar concept into Linux (as part of moving away from a single root user), but I don't know the current status of it. Perhaps somebody else here can comment...?

Score: 4
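
The per-operation privileges listed in the comment above have a Linux counterpart in capabilities, which the kernel reports for each process as bitmasks in /proc/<pid>/status. The following is an added example, not part of the original comment: it decodes the CapEff mask, and the two sample status records and the pairing of capabilities with the NT privileges are assumptions of the example.

```python
import re

# Capability names indexed by bit number, as in <linux/capability.h>.
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Rough Linux counterparts of the NT privileges listed in the comment.
# The pairing is this example's assumption, not an official mapping.
NT_LIKE = {
    "SYS_BOOT": "shut down the system",
    "SYS_PTRACE": "debug other users' processes",
    "SYS_ADMIN": "create paging files (swapon), among much else",
    "SYS_MODULE": "load drivers",
    "IPC_LOCK": "lock physical memory",
    "SYS_TIME": "change the system time",
    "DAC_READ_SEARCH": "backup-style reads, skip parent directory checks",
}

def decode(mask):
    """Turn a capability bitmask into names; bits newer than the table keep a number."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"bit{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]

def audit(status_text):
    """Report the effective capabilities recorded in /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if not m:
        raise ValueError("no CapEff line found")
    caps = decode(int(m.group(1), 16))
    return {
        "effective": caps,
        "nt_like": {c: NT_LIKE[c] for c in caps if c in NT_LIKE},
        # A process holding every known capability is root in the old sense.
        "full_root": set(CAP_NAMES) <= set(caps),
    }

# Constructed samples: a time daemon granted two capabilities, and a root shell.
TIMED = "Name:\ttimed\nUid:\t123\t123\t123\t123\nCapEff:\t0000000002000400\n"
ROOT = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for sample in (TIMED, ROOT):
        print(audit(sample))
```

On a live system the same function can be fed the contents of /proc/self/status or of another process's status file.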