
Access Control: take them from Novell Netware

Posted Nov 18, 2010 9:05 UTC (Thu) by Fowl (subscriber, #65667)
In reply to: Access Control: take them from Novell Netware by zmi
Parent article: Ghosts of Unix past, part 3: Unfixable designs

(Oops, wrong reply button.)

---

Could you explain the Netware model a bit more? It just sounds like ACLs to me.



Access Control: take them from Novell Netware

Posted Nov 18, 2010 10:38 UTC (Thu) by zmi (guest, #4829) [Link]

Yes, but not stored within the filesystem, I believe. It never took more than a millisecond to assign a right, no matter how much data was below this dir.

Also, the way you assigned rights was simple: take an object (user, group, department, etc.), assign it to a dir with rights, and specify if it's for subdirs as well or only this dir.

And when you didn't have a right on a dir, you didn't even see it. I dislike the Windows approach of seeing a share, and upon click you get the info "no permission". That's just stupid.

Access Control: take them from Novell Netware

Posted Nov 18, 2010 11:09 UTC (Thu) by dgm (subscriber, #49227) [Link]

That would be a nice addition to file managers like Nautilus or Dolphin. Not even showing whatever you cannot open would remove much clutter.

Access Control: take them from Novell Netware

Posted Nov 18, 2010 18:43 UTC (Thu) by jeremiah (subscriber, #1221) [Link]

So permissions were only on the directory? And there were no file-specific ACLs?

Access Control: take them from Novell Netware

Posted Nov 18, 2010 22:06 UTC (Thu) by zmi (guest, #4829) [Link]

You could make file ACLs also. But if you specified a dir ACL, it was taken for each file in that dir automatically. That makes sense, as most things are done on a per-dir basis anyway, right? At least, if you have a system supporting it that way, you automatically use that approach to order things in directories, as it makes life - and administration! - much easier.
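The model as described in this thread, sketched in Python as an added example (not part of any comment and not Netware's implementation): assignments sit in one table rather than on each file, a directory assignment covers the files in it and optionally its subdirectories, and directories without any right are not listed. The trustee names, paths and the rule that the nearest assignment wins are assumptions of this sketch.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

@dataclass(frozen=True)
class Assignment:
    trustee: str          # user, group, department, ...
    path: PurePosixPath   # directory (or single file) the rights hang on
    rights: frozenset
    subdirs: bool         # True: also for subdirs; False: only this dir

class RightsTable:
    """Assignments live in one table, not on every file below the dir."""
    def __init__(self):
        self.rows = []

    def assign(self, trustee, path, rights, subdirs=True):
        # One row per assignment, however much data sits below `path`.
        self.rows.append(Assignment(trustee, PurePosixPath(path),
                                    frozenset(rights), subdirs))

    def effective(self, trustees, path, is_dir=False):
        """Rights of `trustees` (a user plus their groups) on `path`."""
        target = PurePosixPath(path)
        for node in (target, *target.parents):      # nearest first
            found = set()
            for a in self.rows:
                if a.path != node or a.trustee not in trustees:
                    continue
                own_file = not is_dir and node == target.parent
                if node == target or own_file or a.subdirs:
                    found |= a.rights
            if found:               # assumption: nearest assignment wins
                return frozenset(found)
        return frozenset()          # nothing assigned: default deny

    def visible(self, trustees, dirs):
        """Directories on which the caller has no right are not listed."""
        return [d for d in dirs if self.effective(trustees, d, is_dir=True)]

# Constructed sample data (all names are made up for this example).
table = RightsTable()
table.assign("grp:accounting", "/data/accounting", {"read", "write"})
table.assign("grp:staff", "/data/public", {"read"}, subdirs=False)
table.assign("alice", "/data/accounting/2010/audit.xls", {"read"})
ALICE = {"alice", "grp:accounting", "grp:staff"}
BOB = {"bob", "grp:staff"}
```
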

Access Control: take them from Novell Netware

Posted Nov 18, 2010 19:05 UTC (Thu) by jeremiah (subscriber, #1221) [Link]

One ACL approach I tried to take once, but the product got dropped before I could see the problems, was the following:

You had a file/object, and a list of permissions/security attributes for each object. Object could be a group of objects, but group depth was not a concern. Multiple applications (controlled by us) could access the permissions, and make decisions based on what they found. If there was a permission that they didn't understand, access was not allowed. This was a situation where we could trust the apps, and not the people. We also took the approach that permissions were subtractive. Everything started as readable/writable and access could only be removed. The nice thing about this was that it was extendable.

This isn't relevant to Novell ACLs, just trying to get people's thoughts.
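The subtractive scheme described in the comment above, as an added Python example that is not the commenter's code: every object starts readable and writable, attributes only remove rights, and an application that meets an attribute it does not understand allows nothing. The attribute names (`read_only`, `owner_only`, `embargo`), the two application versions and the sample objects are hypothetical.

```python
FULL = frozenset({"read", "write"})   # every object starts readable/writable

# Hypothetical attribute handlers: each returns the rights it takes away.
def read_only(user, value):
    return {"write"}

def owner_only(user, value):
    return set() if user == value else set(FULL)

def embargo(user, value):             # attribute introduced later
    return set(FULL) if value else set()

class App:
    """A trusted application that evaluates an object's attribute list."""
    def __init__(self, name, handlers):
        self.name, self.handlers = name, handlers

    def access(self, user, attributes):
        rights = set(FULL)
        for attr, value in attributes:
            handler = self.handlers.get(attr)
            if handler is None:
                return frozenset()    # not understood: access is not allowed
            rights -= handler(user, value)   # attributes can only remove
        return frozenset(rights)

OLD_APP = App("v1", {"read_only": read_only, "owner_only": owner_only})
NEW_APP = App("v2", {**OLD_APP.handlers, "embargo": embargo})

# Constructed objects: (attribute, value) pairs attached to each one.
REPORT = [("read_only", True)]
DRAFT = [("owner_only", "carol"), ("embargo", False)]
```

The old application still denies `DRAFT` to its owner because it cannot interpret `embargo`, which is the fail-closed behaviour that lets new attributes be added without older applications granting too much.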

Access Control: take them from Novell Netware

Posted Nov 18, 2010 22:09 UTC (Thu) by zmi (guest, #4829) [Link]

From a security point of view, I don't like it. A system should deny everything, and only allow what I explicitly allow. The "default everybody everything yes" way you describe is so Windows, and it's for this reason most viruses are for this system today.

Access Control: take them from Novell Netware

Posted Nov 18, 2010 23:41 UTC (Thu) by jeremiah (subscriber, #1221) [Link]

But it seems much harder to administer the other way around. Once something is marked as inaccessible, that's it. You get to stop looking. Whereas it seems like when something is marked as visible you have to establish some sort of hierarchy in case a parent thinks it shouldn't be visible. Which would be indicated by nothing being set. Or you run into a situation like Unix where you have permissions going either direction and you have to again determine which overrides which. I guess that would be a fail safe as opposed to a fail open though, which I prefer. But SELinux is a clear demonstration of how complicated things can get if you do it in a complete fashion. Starting with the idea that everything is hidden from everything first, and then transitions are made between them. Yet they bail when it comes to initrc, and almost mark everything as visible first.

Access Control: take them from Novell Netware

Posted Nov 19, 2010 13:19 UTC (Fri) by jeremiah (subscriber, #1221) [Link]

I feel the urge to clarify my initrc comment. Although it's been a while since I dealt with it, here's what I remember, and some context. I run a payment gateway, so we decided to use SELinux to enforce a true division of roles. We made root a second class citizen to the role a user belonged to. The most difficult part of doing this was that root could transition through rpm_t into initrc_t into any other role on the system. The idea, I think, being that root should be able to install packages, and packages, if they were related to a service, should be able to restart themselves. This had the unwanted effect of giving root the ability to transition to just about anything. Trying to remove the 20 bazillion independent transition paths took a hard 2 weeks. This was with the reference policy, and not a vendor supplied policy, which is much more strict than the strict policy. What it really boiled down to, is what it always boils down to in the end. That delicate balance between usability, and security. In the end it was doable, but it wasn't easy.

I think SELinux is amazingly complete. It allowed us to implement a solution that always requires 2 users, from a group of 3. You throw LUKS, encrypted drives, and removable media into the mix, and you have as close to a bullet proof scenario as possible. On the other hand, I don't want to have to write code that the average admin can't administer without spending a month dealing with a sharp learning curve.

Like a lot of us here I'm a developer, and a system administrator. When I have my development hat on I try to think of the user, and what they have to put up with, while balancing it with security requirements etc. As an administrator, I know I'm willing to tolerate more than most users. The difficult part for me, is defining my target audience, and understanding their abilities and tolerance, and shooting for that. And sometimes the perfect solution, has to be hobbled security wise, or the product won't sell. The only way I've found to begin addressing that is through intelligent defaults, and meaningful dialogs/user interaction.

I am intrigued by the Netware ACLs though, since you seem to have found a happy place when dealing with them as opposed to other permission systems. Thanks for the input.

Access Control: take them from Novell Netware

Posted Nov 21, 2010 0:35 UTC (Sun) by Fowl (subscriber, #65667) [Link]

The reason that most viruses are for Windows is the user, plain and simply the huge number of "users". </OT>

If you don't find a specific ACE allowing you access, you don't have access.

