One of my VPS stopped working. After the data centre replaced a disk normal service resumed, then I notices this:
CentOS release 5.5 (Final) Kernel 2.6.35.4 on an x86_64
I always thought Centos 5.x would always be on 2.6.18. Any thoughts?
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Always Learning Sent: Thursday, February 10, 2011 4:25 PM To: centos@centos.org Subject: [CentOS] Strange Kernel for Centos 5.5
One of my VPS stopped working. After the data centre replaced a disk normal service resumed, then I notices this:
CentOS release 5.5 (Final)
Kernel 2.6.35.4 on an x86_64
I always thought Centos 5.x would always be on 2.6.18. Any thoughts?
uname -a should give the 2.6.18-xxx.y.z.el5 (with .centos.plus optionally) or you're not running a RH/CentOS/SL kernel.
Check you /boot and grub.conf for whether you have the current kernel at all (2.6.18-194.32.1.el5.centos.plus in my case) ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated**
Hi Brian T. & Robert,
Thanks for your input.
I did a uname -a on a selection of Centos 5.5 machines and found the servers, netbooks and laptops were all a variety of 2.6.18-194.32.1.el5 and 2.6.19-194.32.1.el5-centos.plus. Only the VPS were different most likely, as Robert suggested, because of the base operating system.
I can update the VPS kernels and am looking forward to the surprises, all nice ones I hope, in 5.6 and then 6.0.
Sometimes I just wonder about the luckiness of us non-Windoze people. We have a really marvellous choice of operating systems (BSDs, Solaris, Linux et al) and its all free and outstandingly good and reliable.
I feel sorry for the Windoze victims. Its a really horrible experience using a bug-laden and Micro$oft knows best machine where it is awkward trying to make changes and avoid the ghastly mess of M$ Internet Security - ugh! Centos is so relaxing and enjoyable :-)
On 11/02/11 03:05, Always Learning wrote: [...snip...]
Sometimes I just wonder about the luckiness of us non-Windoze people. We have a really marvellous choice of operating systems (BSDs, Solaris, Linux et al) and its all free and outstandingly good and reliable.
I feel sorry for the Windoze victims. Its a really horrible experience using a bug-laden and Micro$oft knows best machine where it is awkward trying to make changes and avoid the ghastly mess of M$ Internet Security - ugh! Centos is so relaxing and enjoyable :-)
Be careful with saying such things. A lot can be said about Windows as an operating system and Microsoft as a company. But be very careful about talking about its users, you do not know the reason why they run another OS than those which you love.
Those who uses *nix oriented/based OSes aren't better people or superior to those not doing so. They are just different, with a different different needs. It doesn't necessarily make them victims or unlucky.
kind regards,
David Sommerseth
On Fri, 2011-02-11 at 16:03 +0100, David Sommerseth wrote:
On 11/02/11 03:05, Always Learning wrote: [...snip...]
Sometimes I just wonder about the luckiness of us non-Windoze people. We have a really marvellous choice of operating systems (BSDs, Solaris, Linux et al) and its all free and outstandingly good and reliable.
I feel sorry for the Windoze victims. Its a really horrible experience using a bug-laden and Micro$oft knows best machine where it is awkward trying to make changes and avoid the ghastly mess of M$ Internet Security - ugh! Centos is so relaxing and enjoyable :-)
Be careful with saying such things. A lot can be said about Windows as an operating system and Microsoft as a company. But be very careful about talking about its users, you do not know the reason why they run another OS than those which you love.
They probably run Windoze because:-
(1) they are unaware of other operating systems;
(2) their application only runs on Windoze;
(3) their employer is a Windoze-only user;
(4) when they purchased their new computer it was pre-installed with Windoze, for which they had to pay the Micro$oft premium (something which needs challenging in the EU), and XP on netbook refuses to work if the the hard disk is partitioned to create space for Linux whilst Windows 7 deliberately occupies all 4 primary sectors and the entire hard disk space just to obstruct users from installing another operating system;
(4) they work for Micro$oft;
(5) they mistakenly believe Windoze is the best operating system in the world;
Those who uses *nix oriented/based OSes aren't better people or superior to those not doing so. They are just different, with a different different needs. It doesn't necessarily make them victims or unlucky.
I think *nix users are more enlightened people and more aware of computers, in the widest sense, generally. They are individuals who enjoy things like 'Windows for Adults' (i.e. Gnome etc.) rather than 'Windoze for Young Impressionable Children'. They are much luckier to enjoy a better, less stressful and more reliable operating system.
With best regards,
Paul.
Programmer et al 1967-2011. Windows user 1992-2010. Joyful Linux user and programmer et al 2010-
David Sommerseth wrote:
On 11/02/11 03:05, Always Learning wrote: [...snip...]
Sometimes I just wonder about the luckiness of us non-Windoze people. We have a really marvellous choice of operating systems (BSDs, Solaris, Linux et al) and its all free and outstandingly good and reliable.
I feel sorry for the Windoze victims. Its a really horrible experience using a bug-laden and Micro$oft knows best machine where it is awkward trying to make changes and avoid the ghastly mess of M$ Internet Security - ugh! Centos is so relaxing and enjoyable :-)
Be careful with saying such things. A lot can be said about Windows as an operating system and Microsoft as a company. But be very careful about
Yes, there can, and has been, a lot said. A *LOT* of it has not been positive (at least since WinDoze 95). I can go on for a while, though it's OT, as to their *lousy* design decisions, and then there's all the lawsuits that they lost, where they paid to cut out competetors.
talking about its users, you do not know the reason why they run another OS than those which you love.
Lack of knowledge and/or choice.
Those who uses *nix oriented/based OSes aren't better people or superior to those not doing so. They are just different, with a different different needs. It doesn't necessarily make them victims or unlucky.
Sure it does. And we're Superior (tm), don'tcha know?
mark "actually liked DOS"
On 2/11/2011 9:58 AM, m.roth@5-cent.us wrote:
Be careful with saying such things. A lot can be said about Windows as an operating system and Microsoft as a company. But be very careful about
Yes, there can, and has been, a lot said. A *LOT* of it has not been positive (at least since WinDoze 95). I can go on for a while, though it's OT, as to their *lousy* design decisions, and then there's all the lawsuits that they lost, where they paid to cut out competetors.
But those have next to nothing to do with their current products. If you go back to '95 and look at the security/design flaws in shipping Linux products it is not pretty either. Pretty much everything had wide open holes in required network services like bind/sendmail/ftp as well as the kernel itself (wade through the changelogs on any of the programs if you aren't convinced). I do agree that pre XP/SP2 versions of windows were badly broken and still resent the trouble they caused, but it's probably time to forget that.
talking about its users, you do not know the reason why they run another OS than those which you love.
Lack of knowledge and/or choice.
Or lack of problems. Since MS started enabling a firewall by default and supplying regular updates it mostly just works. I still run XP on my work laptop, close it to sleep with running apps, open to wake up (in seconds) on a different network, bouncing between wired/docked and wireless undocked transparently and it runs for months at a time. Another laptop at home does the same with Windows 7 (minus the dock). It has been much easier to use windows running the NX client with freenx on Linux than to keep working video drivers for native X on linux. I can boot into Linux on my work laptop, but why? The only real reason is if I want to access an ext3 formatted disk via USB and that turns out to work just as well under vmware player, keeping XP's more agile network management and leaving my other open apps running.
Les Mikesell wrote:
On 2/11/2011 9:58 AM, m.roth@5-cent.us wrote:
Be careful with saying such things. A lot can be said about Windows as an operating system and Microsoft as a company. But be very careful
about
Yes, there can, and has been, a lot said. A *LOT* of it has not been positive (at least since WinDoze 95). I can go on for a while, though it's OT, as to their *lousy* design decisions, and then there's all the lawsuits that they lost, where they paid to cut out competetors.
But those have next to nothing to do with their current products. If
They have *everything* to do. Look, I *said* this is OT, but since you insist, the overwhelmingly *bad* design decision was to put the GUI into ring 0, instead of the way Windows 3, and X on *Nix, and *everybody* else did, resulting in a GUI error bringing down the *entire* system. <snip>
mark
On Fri, 11 Feb 2011, m.roth@5-cent.us wrote:
They have *everything* to do. Look, I *said* this is OT, but since you insist, the overwhelmingly *bad* design decision was to put the GUI into ring 0, instead of the way Windows 3, and X on *Nix, and *everybody* else did, resulting in a GUI error bringing down the *entire* system.
<snip>
I thought Vista brought that to be much more inline with how it is on linux.
It's still the case that a graphics driver error on linux can take out the entire system, so it's not like linux is some sort of gold standard on this front.
jh
On Fri, Feb 11, 2011 at 10:47 AM, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
It's still the case that a graphics driver error on linux can take out the entire system, so it's not like linux is some sort of gold standard on this front.
e.g., any modern Ubuntu can write 300 GB per day of syslog if equipped with at least certain Nvidia video cards (I'm unaware of which ones might work).
That makes the system unusable, essentially a self-invoked denial of service.
Apparently there is a little internal disagreement in the Debian/Ubuntu camp about Nouveau.
https://help.ubuntu.com/community/BinaryDriverHowto/Nvidia#Recommended
which says, in part:
<quote> Recommended step for Ubuntu 10.04 or higher Nouveau, an open source driver, is installed by default. You can remove it by command-line by entering this:
sudo apt-get --purge remove xserver-xorg-video-nouveau </quote>
On 2/11/2011 10:39 AM, m.roth@5-cent.us wrote:
Be careful with saying such things. A lot can be said about Windows as an operating system and Microsoft as a company. But be very careful
about
Yes, there can, and has been, a lot said. A *LOT* of it has not been positive (at least since WinDoze 95). I can go on for a while, though it's OT, as to their *lousy* design decisions, and then there's all the lawsuits that they lost, where they paid to cut out competetors.
But those have next to nothing to do with their current products. If
They have *everything* to do. Look, I *said* this is OT, but since you insist, the overwhelmingly *bad* design decision was to put the GUI into ring 0, instead of the way Windows 3, and X on *Nix, and *everybody* else did, resulting in a GUI error bringing down the *entire* system.
<snip>
Yes, but with Linux and many, many, many combination of shipping software and existing hardware you actually have GUI errors. With the combinations of windows drivers and hardware I've used, I haven't seen any such error in years. While I agree that even running a GUI at all on a server is a waste of resources, in practice it is not something that matters. My company runs about 10x the number of windows servers as Linux. Not my choice of course, but we don't see OS-related differences in reliability, just different quirks you have to work around.
On Fri, Feb 11, 2011 at 11:39:21AM -0500, m.roth@5-cent.us wrote:
They have *everything* to do. Look, I *said* this is OT, but since you insist, the overwhelmingly *bad* design decision was to put the GUI into ring 0, instead of the way Windows 3, and X on *Nix, and *everybody* else did, resulting in a GUI error bringing down the *entire* system.
The only part that runs in ring 0 is the video driver. The GUI itself runs in userspace.
In Linux the graphics driver runs in userspace, but even that can freeze a machine because it requires direct hardware access. My Radeon HD 2400 PRO driver will cause an immediate lockup if I run X, then quit X, then start X again.
So the ring-0 stuff is a bit of a red herring.
On 02/11/11 8:39 AM, m.roth@5-cent.us wrote:
They have*everything* to do. Look, I*said* this is OT, but since you insist, the overwhelmingly*bad* design decision was to put the GUI into ring 0, instead of the way Windows 3, and X on*Nix, and *everybody* else did, resulting in a GUI error bringing down the*entire* system.
the "GUI" is a fairly nebulous term. The graphics display driver is indeed at ring zero for performance (in fact in early versions of NT, it ran in ring 1 or 2, but the performance hit of the ring transitions to access IO ports on early graphics cards was overwhelming so in NT4 it was moved to ring0). However, the GDI, User (window manager), desktop, and about everything else are in ring3 user space.
John R Pierce wrote:
On 02/11/11 8:39 AM, m.roth@5-cent.us wrote:
They have*everything* to do. Look, I*said* this is OT, but since you insist, the overwhelmingly*bad* design decision was to put the GUI into ring 0, instead of the way Windows 3, and X on*Nix, and *everybody* else did, resulting in a GUI error bringing down the*entire* system.
the "GUI" is a fairly nebulous term. The graphics display driver is indeed at ring zero for performance (in fact in early versions of NT, it ran in ring 1 or 2, but the performance hit of the ring transitions to access IO ports on early graphics cards was overwhelming so in NT4 it was moved to ring0). However, the GDI, User (window manager), desktop, and about everything else are in ring3 user space.
I'll assume that you've actually worked with the code; I haven't. However, I also trust it about as far as I can through a sumo wrestler, since I *know* as a fact that M$ frequently had apps make direct calls, *not* to the system, but directly to the hardware because the code ran so slowly. For example, the classic proof was when Apple went from Moto chips to PowerPC, and it broke Word, where they were doing just that (and I've heard that from friends who are Macaholics).
mark
On Saturday, February 12, 2011 05:27 AM, m.roth@5-cent.us wrote:
John R Pierce wrote:
On 02/11/11 8:39 AM, m.roth@5-cent.us wrote:
They have*everything* to do. Look, I*said* this is OT, but since you insist, the overwhelmingly*bad* design decision was to put the GUI into ring 0, instead of the way Windows 3, and X on*Nix, and *everybody* else did, resulting in a GUI error bringing down the*entire* system.
the "GUI" is a fairly nebulous term. The graphics display driver is indeed at ring zero for performance (in fact in early versions of NT, it ran in ring 1 or 2, but the performance hit of the ring transitions to access IO ports on early graphics cards was overwhelming so in NT4 it was moved to ring0). However, the GDI, User (window manager), desktop, and about everything else are in ring3 user space.
I'll assume that you've actually worked with the code; I haven't. However, I also trust it about as far as I can through a sumo wrestler, since I *know* as a fact that M$ frequently had apps make direct calls, *not* to the system, but directly to the hardware because the code ran so slowly. For example, the classic proof was when Apple went from Moto chips to PowerPC, and it broke Word, where they were doing just that (and I've heard that from friends who are Macaholics).
Oh stop digging deeper. You get app crashes and even lock ups too on UNIX/Linux. There is only one thing that we can all agree on. All Microsoft ware are high security risks and should be run inside a software fortress so to speak.
Everything else is pretty much the same nowadays.
On Fri, Feb 11, 2011 at 11:27 AM, Les Mikesell lesmikesell@gmail.com wrote:
On 2/11/2011 9:58 AM, m.roth@5-cent.us wrote:
Be careful with saying such things. A lot can be said about Windows as an operating system and Microsoft as a company. But be very careful about
Yes, there can, and has been, a lot said. A *LOT* of it has not been positive (at least since WinDoze 95). I can go on for a while, though it's OT, as to their *lousy* design decisions, and then there's all the lawsuits that they lost, where they paid to cut out competetors.
But those have next to nothing to do with their current products. If
Make a bet? Video drivers, alone, and the feeping creaturism of the base web browser create significant risks.
RHEL and CentOS have much, much tighter basic privilege handling. The complexity of the NTFS ACL structure, for example, is so frequently mishandled that it's often ignored and simply dealt with as "Administrator". The result is privilege escalation chaos.
This turns out to be one of the problems with SELinux, in fact. It's so powerful and complex, and ill managed in many instances, that many developers simply disable it and ignore it, especially for web applications. (Don't get me going on the pain of integrating locally built Lilac and Bugzilla with SELinux: eeewwwwh!)
you go back to '95 and look at the security/design flaws in shipping Linux products it is not pretty either. Pretty much everything had wide open holes in required network services like bind/sendmail/ftp as well as the kernel itself (wade through the changelogs on any of the programs if you aren't convinced). I do agree that pre XP/SP2 versions of windows were badly broken and still resent the trouble they caused, but it's probably time to forget that.
Not as big, serioiusly. The separation between "userspace" and "kernelspace" and "root access" was much better than it has been in the Windows world.
talking about its users, you do not know the reason why they run another OS than those which you love.
Lack of knowledge and/or choice.
Or lack of problems. Since MS started enabling a firewall by default
Or need to play Half-Life. (Games are why my desktop is Windows, it runs CentOS comfortably in VirtualBox.)
and supplying regular updates it mostly just works. I still run XP on my work laptop, close it to sleep with running apps, open to wake up (in seconds) on a different network, bouncing between wired/docked and wireless undocked transparently and it runs for months at a time. Another laptop at home does the same with Windows 7 (minus the dock). It has been much easier to use windows running the NX client with freenx on Linux than to keep working video drivers for native X on linux. I can boot into Linux on my work laptop, but why? The only real reason is if I want to access an ext3 formatted disk via USB and that turns out to work just as well under vmware player, keeping XP's more agile network management and leaving my other open apps running.
Sadly, freenx is abandonware. So is neatx. (I've been working with them lately.) The clients and servers from NoMachine are pretty good, and play nicely on CentOS. (I'm using them now for personal use, which their license allows.) The new NX version 4 alpha release is very, very alpha. We'll see how it works out in the long term. I've been trying to pay them for licenses, but the licensing model hasn't fitted anything I can *explain* to the people who sign checks.
RHEL and CentOS have much, much tighter basic privilege handling. The complexity of the NTFS ACL structure, for example, is so frequently mishandled that it's often ignored and simply dealt with as "Administrator". The result is privilege escalation chaos.
And how is the user-group-world permissions system any better?
I work daily with both *nix & NTFS ACL's and given the choice I prefer NTFS' for the finer grained control.
You want to create a folder in which user A & B have access to but nobody else? In *nix you create a group that both those users belong to and set the folder to use that group's permissions. In NTFS you set the ACL's so those two users have (almost) full access to the folder. Simple enough.
Now say you need to create another folder which only users B & C have access to? In *nix you create another group, one that B & C belong to, and assign that group permissions to that folder. NTFS? Set the ACL's so that only B & C have access.
Now let's say we want User A to have read only access to that second folder? They're not the owner, and don't belong to the group, so world permissions are your only choice. What if this folder is a confidential folder containing files the CEO & VP should be able to alter but the Admin Assistant needs to be able to pick files from? You really don't want a lowly peon down in shipping seeing the confidential memo now do you?
In NTFS you just add user A to the folder with read only permissions.
Now expand this out to hundreds of folders and watch the *nix groups multiply like rabbits.
Admittedly a few areas of NTFS ACL's cause some confusion, inheritance and precedence rules among them, but if you take the time to read how they work and play with it before putting it into production it's actually quite easy to work with.
RTFM? :-)
On Fri, 11 Feb 2011 at 6:38pm, Drew wrote
RHEL and CentOS have much, much tighter basic privilege handling. The complexity of the NTFS ACL structure, for example, is so frequently mishandled that it's often ignored and simply dealt with as "Administrator". The result is privilege escalation chaos.
And how is the user-group-world permissions system any better?
I work daily with both *nix & NTFS ACL's and given the choice I prefer NTFS' for the finer grained control.
Erm, *nix has fully functional ACLs as well. 'man setfacl'
On 02/11/2011 09:36 PM, Joshua Baker-LePain wrote:
On Fri, 11 Feb 2011 at 6:38pm, Drew wrote
RHEL and CentOS have much, much tighter basic privilege handling. The complexity of the NTFS ACL structure, for example, is so frequently mishandled that it's often ignored and simply dealt with as "Administrator". The result is privilege escalation chaos.
And how is the user-group-world permissions system any better?
I work daily with both *nix & NTFS ACL's and given the choice I prefer NTFS' for the finer grained control.
Erm, *nix has fully functional ACLs as well. 'man setfacl'
In fact, you can do things very easily with *nix acls that are very difficult in Windows. For example, you can set different 'Default' permissions (what will be on things created in the directory) than the permissions that are actually on the directory. You can set different masks for different groups or users in the same directory, etc.
In fact, you can do things very easily with *nix acls that are very difficult in Windows. For example, you can set different 'Default' permissions (what will be on things created in the directory) than the permissions that are actually on the directory. You can set different masks for different groups or users in the same directory, etc.
That's not accurate. You can do exactly that very trivially with Container Inheritance flags only etc...
On 02/12/2011 12:57 AM, Joseph L. Casale wrote:
In fact, you can do things very easily with *nix acls that are very difficult in Windows. For example, you can set different 'Default' permissions (what will be on things created in the directory) than the permissions that are actually on the directory. You can set different masks for different groups or users in the same directory, etc.
That's not accurate. You can do exactly that very trivially with Container Inheritance flags only etc...
It is NOT trivial in Windows to have the permissions on a directory set so that Bob has rwx permission on the directory, but when new files (or directories) are created in that directory Bob has r-- permissions on the files inside the said directory.
You can "assign" different permissions on each file and directory in Windows by turning off inheritance and making an assignment. You can not easily make default create permissions be different than the container the objects are created in.
regardless of the OS, any time you start to get tricky with per object permissions, before long you end up with a complex mess that's a pain in the butt to keep track of.
On 2/12/11 4:05 AM, John R Pierce wrote:
regardless of the OS, any time you start to get tricky with per object permissions, before long you end up with a complex mess that's a pain in the butt to keep track of.
And this is especially true if you don't first map the users to a group role or job position, then set appropriate permissions for files/directories based on the roles instead of the individuals that are temporarily involved with them. You really don't want to maintain systems by searching the entire filesystem for acls containing a user and changing it to some other user. And generally you'll want a mail group associated with the role as well. I always liked the way SME server let you associate users with groups in its web admin interface and then took care of the details of setting up permission groups and mail groups for you. Too bad it doesn't do LDAP to make it suitable for places with more than one server.
On Fri, Feb 11, 2011 at 9:38 PM, Drew drew.kay@gmail.com wrote:
RHEL and CentOS have much, much tighter basic privilege handling. The complexity of the NTFS ACL structure, for example, is so frequently mishandled that it's often ignored and simply dealt with as "Administrator". The result is privilege escalation chaos.
And how is the user-group-world permissions system any better?
I work daily with both *nix & NTFS ACL's and given the choice I prefer NTFS' for the finer grained control.
You want to create a folder in which user A & B have access to but nobody else? In *nix you create a group that both those users belong to and set the folder to use that group's permissions. In NTFS you set the ACL's so those two users have (almost) full access to the folder. Simple enough.
If you *need* that level, you use NTFSv4 ACL's. But the result is often that it gets so complex, so fast, that ever figuring out who ever owned or had access to something in the first place is a nightmare. It slows filesystems, it complicates backups, and it's proven itself fairly dangerous because of the tendency to toss in extraneous access.
Now let's say we want User A to have read only access to that second folder? They're not the owner, and don't belong to the group, so world permissions are your only choice. What if this folder is a confidential folder containing files the CEO & VP should be able to alter but the Admin Assistant needs to be able to pick files from? You really don't want a lowly peon down in shipping seeing the confidential memo now do you?
Yes, it solves some problems. But the complexity and inconsistencies get pretty nasty pretty fast, and I've found the results a nightmare in privilege escalation issues, and the mishandling so very common in basic system configuration files and common software that it's rarely worth the difficulty to resolve.
In NTFS you just add user A to the folder with read only permissions.
Now expand this out to hundreds of folders and watch the *nix groups multiply like rabbits.
Only if you're trying for that fine a grain of control. If you need to handle that fine grained control, it's not a file system issue it's a procedural one.
Admittedly a few areas of NTFS ACL's cause some confusion, inheritance and precedence rules among them, but if you take the time to read how they work and play with it before putting it into production it's actually quite easy to work with.
RTFM? :-)
Easy to work with, and way, way, way too common to screw up.
On Sat, Feb 12, 2011 at 3:38 AM, Drew drew.kay@gmail.com wrote:
RHEL and CentOS have much, much tighter basic privilege handling. The complexity of the NTFS ACL structure, for example, is so frequently mishandled that it's often ignored and simply dealt with as "Administrator". The result is privilege escalation chaos.
And how is the user-group-world permissions system any better?
I work daily with both *nix & NTFS ACL's and given the choice I prefer NTFS' for the finer grained control.
You want to create a folder in which user A & B have access to but nobody else? In *nix you create a group that both those users belong to and set the folder to use that group's permissions. In NTFS you set the ACL's so those two users have (almost) full access to the folder. Simple enough.
in unix you can use acls as well. See getacl/setacl. No sweat.
Anyway, neither in windows nor in unix/linux you want to specify permissions on a per user level. Always groups. If the user leaves the company and the permissions are on a per user level you need to start all over again. If on a per group level, just disable/remove the user from the group and it keeps working for the rest of members.
Bonus points if you enable your helpdesk group to administer the groups and the children folders so you no longer have to waste any time with this boring stuff.
On Saturday, February 12, 2011 09:02 PM, Natxo Asenjo wrote:
On Sat, Feb 12, 2011 at 3:38 AM, Drewdrew.kay@gmail.com wrote:
RHEL and CentOS have much, much tighter basic privilege handling. The complexity of the NTFS ACL structure, for example, is so frequently mishandled that it's often ignored and simply dealt with as "Administrator". The result is privilege escalation chaos.
And how is the user-group-world permissions system any better?
I work daily with both *nix& NTFS ACL's and given the choice I prefer NTFS' for the finer grained control.
You want to create a folder in which user A& B have access to but nobody else? In *nix you create a group that both those users belong to and set the folder to use that group's permissions. In NTFS you set the ACL's so those two users have (almost) full access to the folder. Simple enough.
in unix you can use acls as well. See getacl/setacl. No sweat.
Anyway, neither in windows nor in unix/linux you want to specify permissions on a per user level. Always groups. If the user leaves the company and the permissions are on a per user level you need to start all over again. If on a per group level, just disable/remove the user from the group and it keeps working for the rest of members.
And what do you do when you have cases that a user needs access to these set of files/directories but not all the files/directories the group has access to?
On Sat, Feb 12, 2011 at 8:09 AM, Christopher Chan christopher.chan@bradbury.edu.hk wrote:
On Saturday, February 12, 2011 09:02 PM, Natxo Asenjo wrote:
Anyway, neither in windows nor in unix/linux you want to specify permissions on a per user level. Always groups. If the user leaves the company and the permissions are on a per user level you need to start all over again. If on a per group level, just disable/remove the user from the group and it keeps working for the rest of members.
And what do you do when you have cases that a user needs access to these set of files/directories but not all the files/directories the group has access to?
We create specific groups and netgroups for teams/subteams accessing specific shares and servers.
On Sat, Feb 12, 2011 at 2:09 PM, Christopher Chan christopher.chan@bradbury.edu.hk wrote:
On Saturday, February 12, 2011 09:02 PM, Natxo Asenjo wrote:
Anyway, neither in windows nor in unix/linux you want to specify permissions on a per user level. Always groups. If the user leaves the company and the permissions are on a per user level you need to start all over again. If on a per group level, just disable/remove the user from the group and it keeps working for the rest of members.
And what do you do when you have cases that a user needs access to these set of files/directories but not all the files/directories the group has access to?
If you are in such a scenario, then you have not planned your folder structure well enough :-)
What do you do when you have thousands of users in your company? Do you keep individual permissions or do you use group permissions?
I know what I'd rather do, specially if I need to audit that folder structure.
On Sunday, February 13, 2011 03:38 AM, Natxo Asenjo wrote:
On Sat, Feb 12, 2011 at 2:09 PM, Christopher Chan christopher.chan@bradbury.edu.hk wrote:
On Saturday, February 12, 2011 09:02 PM, Natxo Asenjo wrote:
Anyway, neither in windows nor in unix/linux you want to specify permissions on a per user level. Always groups. If the user leaves the company and the permissions are on a per user level you need to start all over again. If on a per group level, just disable/remove the user from the group and it keeps working for the rest of members.
And what do you do when you have cases that a user needs access to these set of files/directories but not all the files/directories the group has access to?
If you are in such a scenario, then you have not planned your folder structure well enough :-)
What do you do when you have thousands of users in your company? Do you keep individual permissions or do you use group permissions?
I know what I'd rather do, specially if I need to audit that folder structure.
You are assuming that company structure is somehow sensible. Just saying that 'always groups' may not work everywhere.
On 2/11/11 6:55 PM, Nico Kadel-Garcia wrote:
you go back to '95 and look at the security/design flaws in shipping Linux products it is not pretty either. Pretty much everything had wide open holes in required network services like bind/sendmail/ftp as well as the kernel itself (wade through the changelogs on any of the programs if you aren't convinced). I do agree that pre XP/SP2 versions of windows were badly broken and still resent the trouble they caused, but it's probably time to forget that.
Not as big, serioiusly. The separation between "userspace" and "kernelspace" and "root access" was much better than it has been in the Windows world.
So exactly what couldn't you do after exploiting one of the holes in bind or sendmail or the kernel? It is only recently that bind was moved to a chroot and sendmail to mostly run as a non-root user.
Sadly, freenx is abandonware. So is neatx. (I've been working with them lately.) The clients and servers from NoMachine are pretty good, and play nicely on CentOS. (I'm using them now for personal use, which their license allows.) The new NX version 4 alpha release is very, very alpha. We'll see how it works out in the long term. I've been trying to pay them for licenses, but the licensing model hasn't fitted anything I can *explain* to the people who sign checks.
Yes, it's too bad memory wasn't cheap back when X was designed or maybe they would have done client caching in the first place.
At Thu, 10 Feb 2011 21:25:24 +0000 CentOS mailing list centos@centos.org wrote:
One of my VPS stopped working. After the data centre replaced a disk normal service resumed, then I notices this:
CentOS release 5.5 (Final) Kernel 2.6.35.4 on an x86_64
I always thought Centos 5.x would always be on 2.6.18. Any thoughts?
Depending on what sort of VM system the data centre uses, it is possible to have a non-standard kernel. This is my VPS (CentOS 4.8):
sauron.deepsoft.com% ssh sharky.deepsoft.com cat /etc/redhat-release CentOS release 4.8 (Final) sauron.deepsoft.com% ssh sharky.deepsoft.com uname -r 2.6.18-194.17.1.el5.028stab070.7
*I* don't have control over the kernel -- this is set up as part of the virtual machine setup, by the people I am renting the VPS from.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Always Learning -
Brunner, Brian T. -
Christopher Chan -
David Sommerseth -
Drew -
John Hodrien -
John R Pierce -
Johnny Hughes -
Joseph L. Casale -
Joshua Baker-LePain -
Larry Vaden -
Les Mikesell -
m.roth@5-cent.us -
Natxo Asenjo -
Nico Kadel-Garcia -
Robert Heller -
Stephen Harris -
Tom H