Alle 13:25, domenica 7 marzo 2004, Mitch Pirtle ha scritto:
> Silvana Di Martino wrote:
> > Regarding this topic I have a dream: the hyerarchical permission
> > architecture of OS/400 (and many other IBM OSs for mainframe) ported to
> > Linux. Just imagine this: you have a omnipotent "root" who can access the
> > machine from the console only, a whole set of powerful, configurable
> > administrators who can act from the net, each of them devoted to
> > administer a specific part of the OS or of the File System, and finally a
> > crowd of simple users, with configurable permissions. Nobody would have
> > more power of what it actually need for his job, not even the root.
> Great, then all of my linux users, thanks to the administrators in their
> physical presence, would get an account with SECADM privileges.
This would be a human act of will (a "betrayal"). It looks like that not even
God can protect humans from this (have you ever heard of "free will"?). This
would not be different from a Linux/Unix Root giving away its password. I
cannot see any way to protect ourselves from such a betrayal, neither with
technological tools nor in any other way.
BTW: you understandably suppose that administrators have the power to give
SECADM privileges to other users. This may be true or may be not. I cannot
remember which was the situation on OS/400 but I would not be surprised to
discover that ADMINs do not have such a power. Most likely, just a SECADM can
create a new SECADM. A strict division of powers is a fundamental concept of
any security system.
Alessandro Bottoni and Silvana Di Martino
In response to
pgsql-admin by date
|Next:||From: Oli Sennhauser||Date: 2004-03-07 16:38:48|
|Subject: Re: CREATE USER system privilege?|
|Previous:||From: Silvana Di Martino||Date: 2004-03-07 16:13:03|
|Subject: pgcrypto and database encryption|