Linked by Howard Fosdick on Mon 24th Jun 2013 03:00 UTC
Linux I volunteer as tech support for a small organization. For years we relied on Ubuntu on our desktops, but the users didn't like it when Ubuntu switched to the Unity interface. This article tells about our search for a replacement and why we decided on Xfce running atop Linux Mint.
Thread beginning with comment 565470
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Partition lock-down
by Laurence on Mon 24th Jun 2013 13:13 UTC in reply to "RE[2]: Partition lock-down"
Laurence
Member since:
2007-03-26

The system partition (32 GB ext3) had the system installed on it, the swap partition (4 GB swap) and the data partition (200 GB fat32) had nothing on it, it was just purposed to store... guess it : data !

Is that the default auto partitioning? I'm more miffed why there's a FAT32 partition. That's just wrong. If it's a Linux only set up, then it should be running ext3 or ext4. If it's to be shared with Windows, then it should be ext3 (there are ext2&3 drivers for Windows) or NTFS. FAT32 should NEVER be used to store "data". So if that's a Mint default, I'm very disappointed.


When I wanted to open/copy files on the DATA partition, Linux Mint shouted at me that I don't had enough privilege (as root !) to access it. And it's an offline ARM cross development PC.


As I've already pointed out. You wouldn't have been root. Mint (like Ubuntu) doesn't assign a password to root so you cannot even log in as root. Thus you'd have been a regular user.

Security ? Paranoia !

That's what they all say until their computers are infected with all sorts of crap...

It's Linux, the malwares and security holes aren't supposed to mirror Windows' ! So what's the point ?

That doesn't even make sense. You're complaining about security features. ACLs and other access permissions are not malware.

If Linux cannot hide its "secutiry" behind the hood and had to put your nose into configurations files to "feel the power of the security by restrictive accesses" then I'm gonna quit immediately.

How would you suggest we secure computers without user access controls? It's my day job to implement security procedures, specialising with Linux and UNIX (I'm not making that up either!) and I can't think of a better foundation to begin with. At some point in the stack, you're going to need to know who's using the computer and whether they're allowed to access that subsystem. And whichever way you try to implement that, you ultimately end up with a list of users and permissions.

This is why your arguments about computer security really don't make any sense. Granted, in this particular instance the workstation is intended to be kept offline. But since you're the one arguing about noob-friendliness, it makes infinitely more sense to assume that all the Mint desktops are going to be connected to the internet than have all the security turned off by default and expect those users to turn them on manually (but don't take my word for it, let's just look at Windows 95 through to Me and how well it's security model worked).

Reply Parent Score: 5

RE[4]: Partition lock-down
by l3v1 on Mon 24th Jun 2013 14:09 in reply to "RE[3]: Partition lock-down"
l3v1 Member since:
2005-07-06

FAT32 should NEVER be used to store "data". So if that's a Mint default, I'm very disappointed.


It most certainly is not. Whatever happened there, I can't easily believe it's LMint's fault. Been using it for 3 versions now at work in VBox, never seen anything like that happening.

Reply Parent Score: 4

RE[5]: Partition lock-down
by Laurence on Mon 24th Jun 2013 14:22 in reply to "RE[4]: Partition lock-down"
Laurence Member since:
2007-03-26


It most certainly is not. Whatever happened there, I can't easily believe it's LMint's fault. Been using it for 3 versions now at work in VBox, never seen anything like that happening.

That's what I suspected. And to be honest, I wouldn't have minded if he was honest about the fact that he was running non-standard config - as he could still have made a valid argument about usability. But to run a bespoke set up and then moan about how default Mint installs are broken is just deceptive.

Reply Parent Score: 3

RE[4]: Partition lock-down
by Kochise on Mon 24th Jun 2013 15:24 in reply to "RE[3]: Partition lock-down"
Kochise Member since:
2006-03-03

Is that the default auto partitioning? I'm more miffed why there's a FAT32 partition. That's just wrong. If it's a Linux only set up, then it should be running ext3 or ext4. If it's to be shared with Windows, then it should be ext3 (there are ext2&3 drivers for Windows) or NTFS. FAT32 should NEVER be used to store "data". So if that's a Mint default, I'm very disappointed.

As I've already pointed out. You wouldn't have been root. Mint (like Ubuntu) doesn't assign a password to root so you cannot even log in as root. Thus you'd have been a regular user.

See my answer in another comment above...

"Security ? Paranoia !

That's what they all say until their computers are infected with all sorts of crap...
"
Malwares ? On Linux ? Babylon toolbar ? McAfee anti-virus ? ...

"It's Linux, the malwares and security holes aren't supposed to mirror Windows' ! So what's the point ?

That doesn't even make sense. You're complaining about security features. ACLs and other access permissions are not malware.
"
Access permissions ? So with Linux Mint, when I install the system, instead to lock things, I have to unlock them ? How convenient.

How would you suggest we secure computers without user access controls?

Preventing the user to access the computer to prevent him making mistakes is sure quite a strange behavior. An operating system turned into a denying access system, that doesn't makes sense. I'm sure there is other ways to "protect" the system. Firewalls, etc, but not locking down the computer.

And whichever way you try to implement that, you ultimately end up with a list of users and permissions.

Sure, when you start having more than one registered user. But when there is only ONE f--king account, why the need to lock EVERYTHING when an access password would be enough ?

This is why your arguments about computer security really don't make any sense. Granted, in this particular instance the workstation is intended to be kept offline. But since you're the one arguing about noob-friendliness, it makes infinitely more sense to assume that all the Mint desktops are going to be connected to the internet than have all the security turned off by default and expect those users to turn them on manually (but don't take my word for it, let's just look at Windows 95 through to Me and how well it's security model worked).

Like I said, preventing the user to access the computer, then the internet, for the sake of "safety" is a pure non-sense, especially on Linux. I don't see what are the threats to the system. Active X ? Sony's root-kits ? IE exploits ? SWF trojans ? Come on...

Kochise

Edited 2013-06-24 15:25 UTC

Reply Parent Score: 2

RE[5]: Partition lock-down
by Laurence on Mon 24th Jun 2013 16:20 in reply to "RE[4]: Partition lock-down"
Laurence Member since:
2007-03-26


See my answer in another comment above...

Which comment? None of them address the 'root' point I made.


Access permissions ? So with Linux Mint, when I install the system, instead to lock things, I have to unlock them ? How convenient.

I'm sorry but I thought you said you'd used Linux before.


Preventing the user to access the computer to prevent him making mistakes is sure quite a strange behavior. An operating system turned into a denying access system, that doesn't makes sense. I'm sure there is other ways to "protect" the system. Firewalls, etc, but not locking down the computer.

It's not about protecting from user error. It's about locking unauthorised processes down to minimize the damage they can perform. Firewalls are a whole other type of security system and would have zero benefit in that regard.


Sure, when you start having more than one registered user. But when there is only ONE f--king account, why the need to lock EVERYTHING when an access password would be enough ?

With the greatest of respect, I suggest you have a read up on security practices. It's quite an in-depth subject and it appears like you're holding onto a number of misnomers. As we're now starting to talk in circles, it's clear that you're never going to trust me on this topic, so I'd recommend you do a little research to see that I'm really not making this stuff up ;)


Like I said, preventing the user to access the computer, then the internet, for the sake of "safety" is a pure non-sense, especially on Linux. I don't see what are the threats to the system. Active X ? Sony's root-kits ? IE exploits ? SWF trojans ? Come on...

Actually, exploits have been found with Linux builds of Flash in the past. Then there's Java 0-days. There's been instances where Canonical have inadvertently added trojans to their repos. And that's before you even look at any of the networking software (p2p clients, etc)

Edited 2013-06-24 16:20 UTC

Reply Parent Score: 3

RE[5]: Partition lock-down
by moondevil on Tue 25th Jun 2013 06:12 in reply to "RE[4]: Partition lock-down"
moondevil Member since:
2005-07-08

Like I said, preventing the user to access the computer, then the internet, for the sake of "safety" is a pure non-sense, especially on Linux. I don't see what are the threats to the system. Active X ? Sony's root-kits ? IE exploits ? SWF trojans ? Come on...


Operating system daemons exploits.

Application level exploits that expose the user's $HOME to the outside world when p0wned.

Fake posts on public forums about how to install something, used as disguise to install worms.

People that just install whatever application they can get from the Internet without checking what it really does. Even if they are not root, at least $HOME is exposed.

Users are very creative, specially at home or when trying to go around IT security procedures.

Reply Parent Score: 4