[lug] KDE

rm at fabula.de
Tue Jan 8 10:35:27 MST 2002


On Tue, Jan 08, 2002 at 09:55:28AM -0600, Peter Hutnick wrote:
> jeremy wrote:
> 
> >Hello
> >
> >Does anyone know of a great link to lock down a KDE session?  I am using 
> >the Linux Terminal Server Project, and would like to make it really hard 
> >for my users to open unauthorized programs, and get into any mischief.
> >
> >I would like this config to be system wide so I would not have to edit each 
> >user's .kde/share/config, or whatever config.  Are there Security Policies 
> >in Linux (Red Hat 7.2) that are similar to a Windows 2000 Active Directory 
> >group policy?
> >
> >Thanks for your time

Yes, for the problem stated I'd go with group permissions, that _should_
be enough.

> UNIX has a pretty powerful security model.  Why try to re-invent this in 
> the window manager?  Even if you have some great answer to that, 
> wouldn't a user be able to easily side-step that "security" by not using 
> KDE?
> 
> I think you should look into using file modes/ownership and user groups 
> to manage this.  This all works largely the way it works in NT/Win2k. 
> Did you think that that stuff was MS innovation?  (They call file modes 
> "NTFS permissions".)
>

The classic *NIX/Linux security model does show its age. File access
limitation and a rather coarse ulimit are ok in a "friendly" environment
but probably not enough for some higher security demands. There's a reason
for advanced security features in some *NIX OSs (AIX uses ACLs for example)
and for the security patches by the NSA. Or have a look at some of BSD's
security features for example. The fact that even root isn't allowed to
do everything is a big help in certain situations -- most of the recent
exploits would just not work.
BTW, not _everything_ coming from MS is bad, and not every feature NT
has is snarfed from *NIX :-) One of NT's prominent ancestors is VMS/VAX,
an OS that had some pretty nice security features too ....



 Ralf Mattes
> -Peter
> 