Linked by David Adams on Tue 22nd Jun 2010 16:14 UTC, submitted by sjvn
Privacy, Security, Encryption A Computerworld editorial takes note of some interesting changes Dell made to the Linux page we linked to last week. They watered down some of their pro-Linux claims, but not as far as you might think.
Thread beginning with comment 431200
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Inaccurate
by cycoj on Wed 23rd Jun 2010 09:26 UTC in reply to "Inaccurate"
cycoj
Member since:
2007-11-04

"You see Windows was designed as a single-user, non-networked operating system. That design is still at the heart of Windows, which is why security must always be an add-on to Windows.


This is not correct. "Windows" (1.0-3.11, 9x, me) was a natively single user product. NT (3.1-4, 2000, XP, Vista, Win7) remains natively multi user, and was always built for networks. The design of NT always included multiple users, multiple groups per user, flexible ACLs, fine grained privilege, and other concepts which Linux has been retrofitting.
"

Huh? Since when did multiple users, multiple groups per user and file privileges have to be retrofitted to Linux? Even ACLs are supported in most Linux/Unix systems, although you could argue that they have been retrofitted because the first filesystems might not have supported them. But your statement is about as false as the OP statement that Windows is a single user system with the everything else bolted on (actually that statement is probably more true, because it actually was true at some point, your statement not)

Reply Parent Score: 2

RE[2]: Inaccurate
by malxau on Wed 23rd Jun 2010 10:20 in reply to "RE: Inaccurate"
malxau Member since:
2005-12-04


Huh? Since when did multiple users, multiple groups per user and file privileges have to be retrofitted to Linux? Even ACLs are supported in most Linux/Unix systems, although you could argue that they have been retrofitted because the first filesystems might not have supported them. But your statement is about as false as the OP statement that Windows is a single user system with the everything else bolted on (actually that statement is probably more true, because it actually was true at some point, your statement not)


Multiple users was always native to UNIX/Linux. It was bad wording on my part if this was interpreted otherwise.

Multiple groups per user are a retrofit in AT&T Unix Version 6. I know this sounds prehistoric, but consider the consequences: each user has a 'primary' group, so multiple groups required the concept of a 'secondary' group. This distinction is important in many ways (see man newgrp for an example.) NT has no distinction: groups are arbitrary, users can belong to many or none. If a user is in many groups, none are special. In addition, privilege is determined by built in groups, meaning that many users can be administrators; there is no equivalent to a single root user.

ACLs are now supported in UNIX/Linux, but again, this is a retrofit. Support was added in Linux kernel 2.5.46, and many distributions backported these to 2.4. They are rather foreign to UNIX, which was designed around chmod style permissions. In NT, ACLs are the only security primitive used for files/registry etc. There is a chmod call in the C library on NT, but it is very different to UNIX as there is no primary group, so UNIX-style chmod would be meaningless.

When I said privilege, what I was referring to is not file permissions, but fine grained control over different system calls. In NT, a group might have permission to (say) shut down the system; debug other users processes; create paging files; create symbolic links; load drivers; lock physical memory; change the system time; perform system wide backup or restore operations; or permission to open leaf files (if permission is granted) without requiring permission on all parent directories. There has been a push to retrofit a similar concept into Linux (as part of moving away from a single root user), but I don't know the current status of it. Perhaps somebody else here can comment...?

Reply Parent Score: 4