13 Jan
2014
13 Jan
'14
8:05 a.m.
Tim Bradshaw scripsit:
Quotas actually don't seem to be used very much.
Instead people
Greenspun it by confining applications to distinct filesystems and
some kind of volume manager.
Which is to say, the file owner is irrelevant to the quota system, only
the pathname matters.
Privilege separation is more sorted out. People
(regulators, auditors,
the organisation itself) are extremely interested in knowing who can
see and do what. Root access seems to be typically pretty sorted by now
(no-one has it except under some kind of auditable breakglass process)
and controlling per-user access is getting tied down where it hasn't
been, usually by elaborate sudo rules for the various role users
(unix admin, oracle admin, business users etc).
Again, how can any of this be corrupted by free chown-ing?
--
Some people open all the Windows; John Cowan
wise wives welcome the spring cowan(a)ccil.org
by moving the Unix. http://www.ccil.org/~cowan
--ad for Unix Book Units (U.K.)
(see http://cm.bell-labs.com/cm/cs/who/dmr/unix3image.gif)
