No, that's a bad idea. (*cough* But so is what MS is doing with IIS).
Microsoft doesn't give a shit about whether it's a "good idea" or a "bad idea" to do these things, and neither do the corporations that are Microsoft's chief market. Don't you get it? You cannot - can not count on workstations for security. Workstation users don't give a shit if they're wide open and swinging in the breeze - all they care about is the ability to get things done. When you balance security vs. usability, security isn't even a consideration. That's what they have IT staffs, firewalls, and server storage for - so they don't have to worry about it. Go into a corporate shop and try to tell the businessmen running the place that the security on their workstations is terrible and they need to lock them down. First thing they'll say is "how will that affect productivity?" Actually, most of them already know; they'll simply tell you they're aware of it and to get back to work.
chgrp -R foo / -- effective and thoroughly obnoxious.
And how many other applications does this fuck over?
I'm assuming you mean through some httpd server extension and not via SMB sharing. Beyond group permissions one would have to invoke capabilities along with a versioned filesystem. Linux ain't there yet, but with a commercial UNIX this is possible.
Possible. At what cost, in money and administration? That's the beauty of NTFS and FAT; combined with Windows' security model, it's simple. Literally child's play. There's a cost, of course, in security; TANSTAAFL. But again - corporations know that and made a conscious choice. One they're actually quite happy with.
I'm assuming you mean at runtime. By modification do you mean signalling the application to do something else, such as forcing it to re-read its configuration state? Or do you mean changing a runtime environment for an application without explicit ownership of the app? I suppose if the latter, capabilities is also an answer.
Office does both, all the time, as needed. Not just at runtime. It also has the capability to be changed (patched) and reconfigured, and to do the same to other applications. For example, it is possible (with Office 2000, in NT or Windows 2000) to have Office install parts of itself only as needed, without a shutdown, reboot, or even a restart of the application.
However, all of these things could be handled through a win32 emulation layer with some root privs -- though I would never want to do such things because I think it's abhorrent from a security standpoint. Why the hell do you think MS is having such security troubles to begin with? If I were willing to throw caution to the wind and let these apps call setuid() with root privs -- no problem. Capabilities would allow for more fine-grained permissions control for any application or user along with the potential for filesystem ACLs; however, I wouldn't want a daemon like a web server able to write over critical system directories or files under these conditions anyway. It's just a bad idea.
See above. The point most people fail to understand is that the Windows security model is not bad - from a certain point of view. Whereas from that point of view, the Unix security model is abhorrent; it makes it impossible for a group of people to work effectively. Unix (and Linux, in particular) still lag well behind Windows in the productivity market for that very reason; the security model gets in the way. That's good for lone workstations connected to the internet. That's wonderful for servers, particularly file and gateway servers. It's fantastic for firewall and intrusion detection systems.
But for an effective, corporate office environment, you must have both. You use the better security of Unix to build a wall around your office, to detect breaches in that wall, and to monitor the gates. But inside the wall, you need the flexibility and the openness of Windows - even at the expense of security and stability.
It isn't going to be the Linux people who solve the problem and bring those together, because they aren't working on it - they're too busy prattling about how wonderfully secure their systems are and accusing Microsoft of being evil. But let's look at the trends; five years ago, with Windows 95 and NT 3.51, Microsoft security and stability was a joke. Two years ago, they were enormously better, though Unix still had the edge - but Unix wasn't really getting any better.
One year ago, a properly administered Windows NT Server could match a Unix system in uptime and stability - but not in security. The Workstations weren't quite as good, but they were close. Today, Windows 2000 is more stable than NT, faster, and more secure. And they haven't even had a service pack yet. Linux and Unix are still using the same security model, and there still aren't any productivity apps available that can match Office.
I love Linux. I use it daily, to guard my systems, to compile applications, to serve my web pages and deliver my mail. But when I need to collaborate with a colleague on something, I fire up Word and Excel and Outlook, and I do it on Windows 2000 boxes. Because I can do things on there that I just can't do on Unix.