[CentOS] prevent users from fiddling with network?

Fri Sep 22 14:29:19 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, September 22, 2017 8:31 am, Leroy Tennison wrote:
> As Scott said, nothing is perfect.  On Ubuntu (16.04 - the current long
> term support version) all home directories are world executable/readable
> ("Security?  What's that?").

Thanks Scott and Leroy for your advice. I agree, Ubuntu almost from the
very beginning was (IMHO) aimed to be a single user laptop or desktop
system. Being a Debian replica, _that_ was what differentiated it from Debian.
Debian, though very rich and independent (not backed by a company - even one
with excellent reputation) had its quirks. I bet everybody remembers the
random number generator flop that was on Debian and all its clones for
about 4 years before it became publicly known and fixed (basically,
someone commented out a fair chunk of code of the random number generator for
debugging, and left it that way, - so all random numbers had only 4 first
bits random and the rest deterministically predictable from those). All
Debian (and clones) admins had to re-generate all key pairs, certificates,
etc., and live guessing if bad guys ever visited their systems, or rebuild
those. I do not recollect a flop like that on RedHat side (praising good
guys again, though not liking their direction now). So, I'm still looking
for a centrally manageable and installable en masse Linux system (my users
do need to run a variety of code written on and for Linux) - thanks for
suggestions everybody!


> ----- Original Message -----
> From: "Scott Robbins" <scottro11 at gmail.com>
> To: "centos" <centos at centos.org>
> Sent: Thursday, September 21, 2017 9:40:03 PM
> Subject: Re: [CentOS] prevent users from fiddling with network?
> On Thu, Sep 21, 2017 at 07:00:12PM -0500, Valeri Galtsev wrote:
>> On Thu, September 21, 2017 6:13 pm, Scott Robbins wrote:
>> > On Thu, Sep 21, 2017 at 05:23:23PM -0500, Valeri Galtsev wrote:
>> >>
>> >
>> > Well, this is my longstanding rant against RedHat and friends.  Take a look
>> > at what Fedora is doing before blithely throwing it into RedHat.
>> >>
>> > Most Fedora stuff is for single user laptops, and frankly, a lot of it
>> > seems developed by people with no concept of system administration.
>> Well, I guess we see Microsoft money invested into ("donated" to? ;-)
>> RedHat at work. Yes, my servers are FreeBSD for a long time already, but as
>> we have to use Linux for a wide variety of stuff, we may need to start
>> looking which other distribution (better from sysadmin's perspective) to
>> flee to. Scott, I'd be glad to hear your advice on that matter. (As CentOS
>> public mirror maintainer I will keep maintaining that indefinitely as a
>> token of gratitude to the project that gave us so much over a long time).
> Unfortunately, no advice.  I haven't used Debian as anything but a laptop
> install for a long time, but their developers did, in the past, seem to
> have better ideas of system administration. They have their own issues, of
> course, nothing is perfect.
> --
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247