Re: Windows for Unix Geeks?

To the best of my knowledge Windows has a vastly more complicated security model (token based security) than Unix . It has no /etc/passwd, stat returns (mostly) useful info, getpwuid() is a stricly unix concept that is meaningless in a win32 context. The equivelent of a group writable file is a file with access permissions deriving from a usergroup. Objects in Win32 can have user level permissions or group level permissions, with fine grained tuning, ie, you can say group X has read, write and execute, group Y has read, group Z has read,write etc. Similarly with users. To the best of my knowledge there is no sticky bit.

I suggest you find a book on Windows administration in general. They are usually written for a low denominator, so all that will happen is that you wont have to read all of the explanations of concepts you are familiar with.

Actually a while back I discovered one of the flaws of the Win32 security model. Its _too_ damn powerful. In order to make it powerful it has to be complex, and by making it complex its really hard to do right, which means that in the end people end up not bothering. Security models should be simply enough that any programmer can be briefed on how to use the model effectively with minimal training. Requiring people to have indepth understanding of a complicated security model just means that people will write insecure code, either because they didnt understand how to secure it properly in the first place or because they didnt bother out of frustration.

---
$world=~s/war/peace/g

Comment on Re: Windows for Unix Geeks?

Replies are listed 'Best First'.
Unix permissions vs ACLs (was: Windows for Unix Geeks?) by Aristotle (Chancellor) on Jan 13, 2006 at 11:11 UTC
This is a problem with ACL systems in general. They are extremely flexible and expressive, but require a level of stamina and determination to harness that few except the dysfunctionally obsessive will manage. (The Unix permission model OTOH is so simplistic that only the most trivial arrangments are expressible. All things considered, I still prefer Unix permissions because at least they make the common, simple things a no-brainer; that ACLs make the hard things possible doesn’t mean these aren’t still an absolutely massive pain. Someday we’ll figure out long-term tenable approaches to security…) Makeshifts last the longest.	[reply]
Re^3: Windows for Unix Geeks? by Argel (Prior) on Jan 16, 2006 at 21:58 UTC
A compromise for the UNIX world might be to allow groups to belong to other groups. -- Argel	[reply]
Re^2: Unix permissions vs ACLs by Aristotle (Chancellor) on Jan 17, 2006 at 04:41 UTC
That wouldn’t help much. You can get the same effect already if you expand subgroups manually. Of course, that makes large userbases difficult to manage. You could reduce the burden by generating `/etc/groups` via a preprocessor or some such. So this is proof by induction that nestable groups do not actually expand the expressive capabilities of the Unix model. They could make large userbases easier to manage, but everything you can express with them is expressible without them as well. ACL systems OTOH actually allow mapping scenarios that the Unix model cannot, and won’t be able to with nested groups either. Of course, they are also hard to handle and will fry your brain… Makeshifts last the longest.	[reply] [d/l]