General discussion


Enhance UNIX security with ACLs

By debate ·
What methods have you used to boost UNIX system security? Have you used ACLs on your UNIX systems? How did you like the results? Tell us about your experiences with enhancing security on UNIX systems, as featured in this week's Internet Security Focus e-newsletter. Then, rate the helpfulness of this column from 1 to 5, with 5 being the highest.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Can get the same result with a bit of pl

by Imodoye In reply to Enhance UNIX security wit ...

By properly planning users group assignments, and by using proper default file creation permissions, I find that I can achieve very fine-grained access control on Unix systems. Maybe I'm missing something? A few examples or an insight into how this mechanism works - even if only an oversimplified example - would have been useful. As it is, the article doesn't really add much to what a typical Unix admin knows about ACLs.

Collapse -

Was research paid for by Bill Gates?

by james In reply to Can get the same result w ...

I agree unix can be tuned to the n'th degree. using multiple user groups and irefutable (sic) permission the system can be choked down pretty hard.

I actually have not met any Microsoft people who could spell Security let alone manage an ACL. Most MS systems allow passwords that allow the password to be the same as the user.

ACL's are usuall application level items on modern systems anyway. So in case anyone is wondering. Just lock down the system (umask 077 on home directories for starters) and manage the applications correctly.

Collapse -

ACLs on the network

by Marcus Ferreira In reply to Enhance UNIX security wit ...


ACLs are good. I use them on Solaris 8 because I missed them from NetWare.

The problem is that they do not work on NFS and I can not put this feature to work between different OSes -- in my case Solaris and Aix 4.3. And I believe that Samba cannot read ACLs too.

It is a shame. Something so useful that worked nicely between Netware and NT has not a good implementation on Unix.

Collapse -

Excelent article 5/5

by edpose In reply to Enhance UNIX security wit ...

I'm starting using UNIX so my knowledge about this OS is very limited and I want to change it. I was using and working with windows all the time. I liked your way to explain your point and in my opinion you deserve a 5/5.
Thank you

Related Discussions

Related Forums