“I’ve used Red Hat Network successfully in the past, so I was happy to get my hands on a demo of Red Hat Network 4, which is in the process of being released. Before I drill down into RHN4, I have to say RHN4’s new features are cool, particularly the ones that enable you to manage Unix-based Solaris servers and monitor systems more effectively.”
The article explains that the screenshots come from
Red Hat itself, which makes it even funnier that the
box appears to be running the desktop as root.
That can’t possibly be standard operating procedure
for RHEL administration, can it?
“That can’t possibly be standard operating procedure
for RHEL administration, can it?”
Why not? There’s nothing wrong with using root when you are administrating a machine. That’s the whole point of having a root account in the first place.
“Why not? There’s nothing wrong with using root when you are administrating a machine. That’s the whole point of having a root account in the first place.”
Can you please print that up on a nametag or something and stick it on your shirt? I’d like to see you coming so I can keep you the hell away from my boxes. You don’t run the entire desktop as root. You escalate privs for a certain program using sudo or similar.
It is generally regarded that running the desktop environment (which is rather a lot of code) with escalated privileges is bad form. Much better to run it as a user and only give privileges to the shell or whatever within which you are going to perform the root operations (via su, sudo, gksu, sux, or whatever).
That PC is NOT running as root!
If you have used real RH, then you will know that to run up2date you need the root password.
Any operation requiring root password puts the key symbol, and normally gives you 5 minutes of authentication so that you do not need to retype your password.
hope it helps
Then why does the home directory icon on the desktop say “root’s home”?
My apologies, my poor sight can’t read those fuzzy characters!
On observing closely I do see it!
I would agree, definitely not good practice, since it seems the review by implication was written as root?
that is indeed true.
The user in those screenshots is not running as root.
They have used RedHat’s graphical su to gain privileges to install updates.
Whether having the system pop up boxes asking for the root password is a good idea or not is questionable.
I much prefer the console version of su or sudo.
I type su or sudo because I know that I’m going to need root privileges. Instead of the system deciding that I’m going to need root privileges to perform an action.
I can see this style of system becoming a giant security issue on desktop linux.
If users are silly enough to still run random attachments to their emails, then they are silly enough to give the root password to any program that asks.
– Jesse McNelis
I’d imagine it’s Red Hat developers working on this, not system or network administrators. And what, you’re going to tell me Linux developers never need admin? Besides, who’s to say this isn’t something running under xen, or qemu, or the like. And take it from me, one of the more paranoid guys out there when it comes to security, simply logging on as root isn’t really all that big of a deal if you know what you’re doing.
For all of the hype of this product you would think they would have a screen shot of a RedHat machine managing a Solaris server. Or for that matter go into more specifics than saying that it can manage a Solaris “infrastructure”. What does it manage and how?
A bit of search and here
https://rhn.redhat.com/help/reference/ch-unix-support-guide.html
Thanks, similar to the wadminep command in Tivoli. And the solaris2mpm is also very interesting.
> Why not? There’s nothing wrong with using root
> when you are administrating a machine.
Perhaps in your little tiny environment with four or five machines – in the real world one would assume that at a minimum something like sudo is in place. Or better yet something like Solaris privileges or RBAC. But hold on, the Linux *innovators* have not had a chance to fully steal those from Solaris or a BSD and claim that they developed they were on Linux first yet.
And where is iscsi in Redhat 4. It disappeared again.
Yeah, because BSD developed the majority of the security paradigms in SELinux and did not just copy them.
“Yeah, because BSD developed the majority of the security paradigms in SELinux and did not just copy them.”
Don’t be a dumbass. All of the security technologies were derived from work done by a corporation (Secure Computing Corp IIRC, with the assistance of the NSA), and *not* Linux developers. That work in turn, was based on University work on an OS called Flask, that is very distantly derived from BSD.
The BSD heritage is not my point, but rather that neither Linux, nor its developers developed any of those SELinux technologies. None. Zip and zilch. Nada.
Linux (perhaps in the form of Fedora Core) might very well be the first to get this technology to the masses, but that is another point entirely, and not the one you were trying to make.
You sir, are an uninformed troll.
And let’s not forget that both FreeBSD and Darwin have the “TrustedBSD MAC Framework”, which is technologically equivalent to SELinux/LSM, has the ability to load “SEBSD” (a port of the SELinux LSM module), and was designed as such from the get go (whereas SELinux and LSM both started off as independent projects).
Also, you can load several different MAC modules in FreeBSD at the same time unlike with the current Linux kernel’s framework.
“Don’t be a dumbass. All of the security technologies were derived from work done by a corporation (Secure Computing Corp IIRC, with the assistance of the NSA), and *not* Linux developers. That work in turn, was based on University work on an OS called Flask, that is very distantly derived from BSD.”
If the work is done for Linux and delivered on Linux how are they not Linux developers? Linux development isn’t done as part of an exclusive club, it has contributions from many different people. That’s the advantage of its openness as opposed to a more closed development model.
Rahul, rather than saying a little bit of a search could you not just say I am Rahul and I work for Redhat ( http://fedoranews.org/mediawiki/index.php/Rahul_Sundaram ). Here is the document you require. Pretending to search for it just looks pathetic.
“Rahul, rather than saying a little bit of a search could you not just say I am Rahul and I work for Redhat ( http://fedoranews.org/mediawiki/index.php/Rahul_Sundaram ). Here is the document you require. Pretending to search for it just looks pathetic.”
Working for Red Hat doesn’t mean you know where every guide on every product is. Besides, I was pointing out that it only takes some time to search for the information if you wanted it.
Red Hat developers are top-notch. I’m impressed by the Fedora Core product. Features such as SELinux, Exec-Shield, and Xen are unique and appreciated. The commercial RH product should be even better.
“Red Hat developers are top-notch. I’m impressed by the Fedora Core product. Features such as SELinux, Exec-Shield, and Xen are unique and appreciated.”
Indeed they are – but be clear who developed them. Also the Xen support in FC4 is little more than a joke at present, unfortunately, as a result of the desire to track the unstable branch.
If they were to do anything with Sun, I would rather they put the effort in bringing NFS and particularly autofs on linux in general up to Solaris standards than this package management thing..
RHEL does not run as root by default. It asks you to set up a limited user account upon installation. This person is logged in using root for some odd reason which I’m not aware of, but it is not because it is the default. I am typing this from a CentOS box right now, and I have used RHEL 4, and it never made me log in as root.
I’m just a lowly home user and not even in the IT industry and I use root frequently and have never had a problem. Hell, in windows you don’t even have to be root to mess up all sorts of stuff.
“I’m just a lowly home user and not even in the IT industry and I use root frequently and have never had a problem.”
Lowly indeed. I seriously doubt that you’ve any real idea if your frequent use of the root account has led to a compromise or not. But what do I care? It’s your box…
“Hell, in windows you don’t even have to be root to mess up all sorts of stuff.”
Well you sort-of do, it’s just that the default user on an XP installation has full privileges.
Red Hat should go fix their own quality before they try managing Solaris – which sets a bar way above RH’s head on quality and enterprise scale.
And is it me, or is anyone else pissed off that RH’s satellite server/RHN is proprietary – I’m tired of feeling like a tool to generate volumes for RH, they’re just as proprietary as they claim Sun to be.
Looks like just a few adds to the web service. I’m a redhat guy from the early 90’s but changed when fedora was released.
———————————————-
http://www.freebsdworld.net
The good:
This looks nice and easy. I haven’t used its primary competitor, ZenWorks, but some of these features are unique and effective. Roles-based access control is innovative and possibly even usable by admins of normal intelligence. Instant deployment and updates pushed to the entire network are both key features.
The bad:
Something like this should be an open source project. You should be able to download the PHP/mySQL code, extract it in your web root, and configure it for your environment. It should have default configurations for popular distributions.
The ugly:
I don’t care how small your company is, you can afford a thousand bucks for a reasonable PC to install your own management server. You do NOT want your management server (capable of making modifications to hosts on your network) to be accessible over the Internet!! You want it to be inside your network, behind a router and packet filter, running no web-facing services. If your company requires admins to be able to administer the network from home or on the road, that’s what VPN is for. Having the keys to your network hanging on the net is just asking for someone to install a hidden proxy to make your clients listen to somebody else’s “RH Network” server.