fc5: install everything?
Peter Gordon
peter at thecodergeek.com
Tue May 9 05:30:25 UTC 2006
Les Mikesell wrote:
> Why install a multiuser OS if only one user will ever use
> it?
The fundamental architecture of a system designed for multi-user usage
provides for enhanced control of the system by its administrators and,
most likely, much tighter security of the applications and the users'
limitations.
One of the fundamental things about GNU/Linux and other Unix-like
systems is that the user does not run with administrative privileges on
a day-to-day basis. This in itself is one of the biggest aspects of
security: Generally speaking, the most damage that a user could do is
destroy their own home directory. Things like SELinux and other MAC
(Mandatory Access Control) systems now make the superuser (root) in many
cases no more privileged than a normal user, which helps a lot since
there may likely be security holes that could give a user root-level
access to the system.
(If I recall correctly, there are actually a few locked-down SELinux
boxes setup with various distributions by the NSA and various volunteers
where you are *given* the root password, and your goal is to actually
damage the system in some way as to bypass its control. How's that for
secure? ^_^)
--
Peter Gordon (codergeek42)
GnuPG Public Key ID: 0xFFC19479 / Fingerprint:
DD68 A414 56BD 6368 D957 9666 4268 CB7A FFC1 9479
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060508/8389bfb4/attachment-0001.sig>
More information about the fedora-list
mailing list