Re: Linux filesystems
> From: Steven Pritchard <steve@silug.org>
> Date: 2004/03/24 Wed AM 11:44:35 CST
> are only used on boot-up, etc.) And to top it all off, if an
> administrator decides to lock down a Windows box, things are likely to
> break in big ways since most Windows apps (including ones from M$)
> have *no* understanding of how to work with filesystem-level security
> enabled in any way.
Speaking from experience, you CAN lock down the filesystem so that
Windows is secure, even from itself! I once followed the NSA guide
for securing Windows NT, and about halfway through, the system
broke. We're talking format-the-drives-and-reinstall broke...
> In other words, NTFS could be the most advanced filesystem ever, and
> it wouldn't help Windows security one bit.
And that's because, as demonstrated by the "linux password recovery boot
disk for NT", ACLs only count if the driver respects them. Just as you
can write a driver that ignores NTFS ACLs, you can also write a driver that
ignores UNIX file permission bits...
Now, myself, speaking as a (woefully over-) experienced Windows admin,
with a decent amount of Unix experience, I was always more comfortable
with NTFS ACLs when dealing with user access (least permissive
wins)...
> Steve
William
--
William Underwood
wllmundrwd@charter.net