[techtalk] Re: techtalk digest, Vol 1 #449 - 9 msgs

Mary Gardiner linuxchix at puzzling.org
Sun May 13 09:20:40 EST 2001


On Sat, May 12, 2001 at 05:39:57PM +0100, Telsa Gwynne wrote:
> UNIX, as I first met it, was not based on the idea of "one box, keyboard,
> monitor and mouse, all in front of you". It was multiple users on multiple
> accounts from multiple terminals which were nowhere near the console.
> The terminals were in the library, in the 24-terminal room, in the
> CS labs, and you logged in from them. These terminals varied from 
> exciting vt100s to, um, some enthralling pieces of junk which made 
> the purpose of /etc/termcap entirely clear. (Try to run almost anything
> which involves redrawing the screen on a dumb terminal. Woo.)
> 
> All these terminals. And 'w' showed you people you'd never met and
> your friends, and they were on tty this and that. But the root user
> (or the operator account, or whatever) was sometimes logged in from
> the console. And the console was special. 
> 
> (I never really knew _why_ it was special. It Just Was. :))

This is still the case at my university: one machine, some thousands of users
(it's actually five core servers now, all NFS mounting home directories and
/etc/passwd, plus about 5 Linux boxes to run Netscape and javac on, using ssh,
but this is all relatively transparent).

In terms of security, this is the untrusted local user model (of those thousands
of users, I know at least two who are in a small battle-of-wits to 'get root'
and many others who want access to other people's accounts to annoy them by
changing their background images or something).

It's more annoying if you really don't trust local users, because giving them
an account in the first place gives them access to some portion of your machine's
resources, such as RAM, and thus an ability to run programs containing exploits.

OK, so that's essentially a Q and A for the FAQ.

Mary.

-- 
Mary Gardiner
<mary at puzzling.org>
GPG Key ID: 77625870



