Slashdot Mirror


Practical Unix & Internet Security

Charles McColm writes "At just under 1,000 pages the 3rd edition of Practical Unix & Internet Security might look intimidating on the shelf, but a quick glance through the pages reveals that it is both practical and entertaining. With Slammer and Blaster making their way into the news it seemed like a good time to brush up on security. Already considered a classic reference, the 3rd edition of the book provides extensive updated information about topics like PAM (Pluggable Authentication Modules), LDAP, forensics, intrusion detection, wireless devices, and cryptography." Read on for the rest of McColm's impressions of the book.

Practical Unix & Internet Security

  • author: Simson Garfinkel, Gene Spafford & Alan Schwartz

  • pages: 954

  • publisher: O'Reilly & Associates

  • rating: 8/10

  • reviewer: Charles McColm

  • ISBN: 0596003234

  • summary: The 3rd edition of Practical Unix & Internet Security adds much-needed updated information to an already classic security text. It's very comprehensive but a little dry in parts.

Practical Unix & Internet Security is divided up into six sections:

The first section covers the basics of computer security, tracing the history of Unix and security, as well as providing details of what should be in a good security policy.

The second section covers the building blocks of security, authentication, users and groups, filesystems, cryptography, physical security for servers, and personnel security.

Network and Internet security are focused on in the third section, with emphasis on modems and dialup security, TCP/IP networks, securing TCP and UDP services, Sun RPC, NIS, Kerberos, LDAP, NFS, and SAMBA, and finishing up with a chapter dedicated to secure programming techniques.

Day-to-day operations are the focus of the fourth section. Keeping up to date, making backups, defending accounts, using integrity checking tools, and auditing, logging, and forensics are all expanded upon in detail over five chapters.

The fifth section rounds off the main part of the book by describing how to handle security incidents. Special focus is given to discovering a break-in, protecting against programmed threats, Denial of Service Attacks (& DDoS), legal options, and a chapter on who you can trust.

The Appendixes make up the sixth and final section. Not a spot is wasted in the appendixes, which begin with a Unix security checklist, and then outline Unix processes, provide extensive links to both paper and electronic resources, and conclude with a sub-section on security organizations.

Among the topics I found most interesting were: Access Control Lists (ACL), Pluggable Authentication Modules (PAM), the section about 128-bit keys and dictionary-based passwords, connection laundering, honeypots, the false syslog example, and the example detailing a call to Microsoft's anti-piracy help line. The real-life examples scattered throughout Practical Unix & Internet Security keep the security sections from seeming overwhelming. This is one of the few books in which I've found every chapter of the appendix useful, so don't overlook them as simple reference pages.

Normally one-liners are reserved for movie discussions but for those who've already delved into Practical Unix & Internet Security here are a few of my favorite one-liners:

  • "...we do believe that making files readable and writable by everyone leads to many evil deeds." - talking about the octal mode 666.

  • "Humidity is your computer's friend." - just before static discharge kills your entire system.

  • "Beware of Key Employees." - warning against making one person so key that their departure could cause your company irreparable harm.

  • "You mean, you don't really have a copy? [of Windows 98]" - the last part of a conversation with Microsoft's Anti-Piracy line. The company which called Microsoft was tracing some intruders who had uploaded a copy of Windows 98 to the company's web site and were using the site to peddle warez. Microsoft was just about to launch Windows 98. The example shows just how clueless some help desks can be.

There are a few spelling mistakes and grammatical flaws but not enough to take away from the bulk of the information and no glaring omissions. UUCP coverage was dumped because UUCP simply is not practical anymore now that more advanced alternatives like sendmail exist. I started glazing over material by the middle of the NIS chapter, but it probably had more to do with the fact that I was thinking about the other 400 or so pages I had to read before I finished the main section of the book rather than the topic itself.

One of the great things about Practical Unix & Internet Security is that it is appropriate for a wide audience. There is relevant material for system administrators, security, company decision makers, even the guy sitting at the accounting terminal. Despite its massive size Practical Unix & Internet Security is entertaining enough to be read cover to cover. (It's good for the arm muscles too.) Though it is easy to read, beginners should probably reread their system manual before plunging headlong into this book. All in all Practical Unix & Internet Security continues to be one of those must-have books for any Linux user.

You can purchase Practical Unix & Internet Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

77 of 123 comments

  1. Practical UNIX... by Anonymous Coward · · Score: 5, Funny

    The companion book seems, uh, interesting too. :)

    1. Re:Practical UNIX... by mav[LAG] · · Score: 3, Funny

      I prefer the older, more direct edition.

      --
      --- Hot Shot City is particularly good.
  2. the thing i always want to know by Transient0 · · Score: 4, Interesting

    when talking about computer books is:

    What does this book offer that I can't easily find by asking google or google groups?

    1. Re:the thing i always want to know by Dr+Caleb · · Score: 5, Insightful
      What does this book offer that I can't easily find by asking google or google groups?

      No power requirements and need to connect to the Internet. Very handy feature.

      --
      "History doesn't repeat itself, but it does rhyme." Mark Twain
    2. Re:the thing i always want to know by hether · · Score: 2, Informative

      Most of the time the answer is not a lot, but it is sometimes a lot easier/quicker to find the information you need in a book and you can bring it with you, say on a plane, to use when you don't have an internet connection. But hey, if you want to use Google for everything go right ahead.

      --

      Most people would die sooner than think; in fact, they do.
    3. Re:the thing i always want to know by SuperguyA1 · · Score: 1

      Sometimes people like to read, ph33r, offline.

      --
      "as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz. (One man's humorous is another mans flamebait)
    4. Re:the thing i always want to know by Transient0 · · Score: 2, Interesting

      which is the reason I specified "computer books." Of course, I could use the internet for word definitions as well, but I'm not always at the computer when I need them, so I own a dictionary.

      Perhaps I should have been more specific and said "networking books." When the topic is Internet Security, chances are pretty good you have a network connection available to you at the time when you are asking the questions.

    5. Re:the thing i always want to know by fireboy1919 · · Score: 2, Funny

      Well, you can't use google or google groups to prop up your missing desk leg, and it won't help you reach that highest shelf to get your old physics book.

      It's also not nearly as impressive for that geek-babe you've had your eye on to catch you searching google as to catch you reading this.

      --
      Mod me down and I will become more powerful than you can possibly imagine!
    6. Re:the thing i always want to know by Kenterlogic · · Score: 3, Insightful

      While you make a good point about the power of google (see Thomas Friedman opinion on June 29), there is always fallibility in the system to uncover results that are legitimate-- though always seemingly relevant. A book, and a longwinded one at that, is only good for putting everything in one place in this situation.

      That having been said, Linux security is pretty well documented and easy to search on google. If only Windows had a bit of security, then M$ could have a book of its own as well. Sadly, Windows and security contradict one another.

      --
      The New Root Council, kickin' ass sinc
    7. Re:the thing i always want to know by budcub · · Score: 1

      Google can't help you if you don't know what to ask it.

    8. Re:the thing i always want to know by Torp · · Score: 1

      Well, a book may help when you're trying to make your computer reach google groups :)

      --
      I apologize for the lack of a signature.
    9. Re:the thing i always want to know by Creepy+Crawler · · Score: 1

      And then I can assume that things determined too dangerous for "Consumers" will be banned from google.

      One centralised Corporation makes it REAL easy to control the flow of knowledge.

      For now, it's some urban exploration and scientology. Wonder what it'll be tomorrow?

      --
    10. Re:the thing i always want to know by xanadu-xtroot.com · · Score: 3, Funny

      Sometimes people like to read, ph33r, offline.

      What's this "offline" thing you mention? I've never heard of it.

      What's their website?

      --
      I'm not a prophet or a stone-age man,
      I'm just a mortal with potential of a super man.
    11. Re:the thing i always want to know by l4X · · Score: 1

      quality of information on one support outside your screen over overwhelming quantity in split up places ?

    12. Re:the thing i always want to know by kfg · · Score: 4, Funny

      What does this book offer that I can't easily find by asking google or google groups?

      A book.

      KFG

    13. Re:the thing i always want to know by KillerHamster · · Score: 2, Funny
  3. Get for just $27! by Anonymous Coward · · Score: 5, Interesting
    1. Re:Get for just $27! by BladeRider · · Score: 3, Informative

      Barnes & Noble have the second edition available on CD as part of the CD Networking Bookshelf package for $14. Includes the DNS and Bind book, 3rd Ed. in hardcopy.

      --
      j.
  4. viruses by K_Bomb · · Score: 1, Insightful

    one thing unix doesn't really have to worry about is viruses..

    except when the virus has a brain and the users choose weak passwords

    1. Re:viruses by Medievalist · · Score: 4, Insightful
      one thing unix doesn't really have to worry about is viruses..
      I'm not so sure.

      Since people frequently use tools like NIS, rdist, rsync/ssh, and LDAP to create single authentication domains that span multiple physical boxen, somebody could use one of the usual social engineering tricks to get root on a single box and then load a boot-sector infector into the .profile in root's home dir. Then, every time root logs in on any particular physical box, that box gets the boot-sector virus loaded.

      Best that *nix sysadmins remain on guard, regardless.
    2. Re:viruses by jdludlow · · Score: 5, Funny
      boot-sector infector

      Sounds like a nerd garage band.

    3. Re:viruses by Eric+Ass+Raymond · · Score: 3, Funny

      Here I am. sitting at work listening to Husker Du, and I just realize that I wasted my youth - I never started a nerd garage band.

    4. Re:viruses by rutledjw · · Score: 1
      somebody could use one of the usual social engineering tricks to...

      Not with the fascist-nazi SAs I have in my group. Root should really never be handed out. "sudo" may not be perfect, but it's a far better alternative. The only reason we give root out is for very specific servers and for limited amounts of time.

      The other thing is that your trusted server had better not be loading .profile from remote boxes anyway, certainly not for root. Even our everyday users have scripts they have to run to set up specific environment variables that need to change. If they don't change _WE_ put them in .profile.

      Examples of what would change are CATALINA_BASE if you have multiple tomcat instances running, or maybe JAVA_HOME if they're testing the latest JDK. But I want them EXPLICITLY running a script to set those variables. It helps them avoid confusion and reduces noise on my end.

      Other than that, we try to keep the environment pretty "pure".

      Remember "social engineering" only works on people with social skills! We read BOFH articles in the same way as "HOW-TO" documents! ;)

      --

      Computer Science is Applied Philosophy
    5. Re:viruses by jonadab · · Score: 1

      > Remember "social engineering" only works on people with social
      > skills! We read BOFH articles in the same way as "HOW-TO" documents!

      User: I'm having a little trouble starting up Notepad...
      BOFH: That's because we're standardising everyone on two text
      editors, to maintain consistency across the network. We
      upgraded the Windows systems from Notepad to EDLIN last
      night during overnight processing.
      User: But I don't know how to use EDLIN!
      BOFH: Whose fault is that?
      User: You said two text editors. What's the other one?
      BOFH: The Unix systems all have sed. You wouldn't believe
      the whining we got from the vim nerds and Emacs geeks,
      but they'll get over it.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  5. sec by XshadowstarX · · Score: 1

    I think a few new books on Windows security will be coming out soon to take advantage of the latest worms. But it's the nature of the open-source community to continually test each other that ultimately leads to security excellence.

    --
    -ad105
  6. At least you have your health! by Anonymous Coward · · Score: 3, Funny

    How does one glance quickly through a 1000-page book without straining something important? ;-D

  7. UUCP by Medievalist · · Score: 5, Informative
    UUCP coverage was dumped because UUCP simply is not practical anymore now that more advanced alternatives like sendmail exist.
    Um, I think you meant "UUCP is not necessary anymore now that PPP, NNTP and SMTP are widely supported".

    Sendmail (a program) is not an alternative to UUCP (a protocol). Even if you are talking about the UUCP software and not the protocol, the alternative is pppd, not sendmail.

    Sendmail still supports UUCP, but most distros do not enable that support, and hardly anyone uses UUCP anymore.
    1. Re:UUCP by Medievalist · · Score: 1

      If you really enjoy pointless configuration tasks, you can run UUCP over anything that can simulate a serial line.

      But the main selling point of UUCP was to be able to handle scheduled intermittent connections.

      This was useful before the Internet got its mojo on, when Email was delivered in batches in a fido-style bucket brigade. "This Email is for California, dial up Chicago at midnight and have them pass it on".

      Usenet also started on UUCP (yes, Usenet existed before the Internet) but migrated to NNTP over IP just as Email has migrated to SMTP over IP.

      Today, you'd use pppd, a daemon that implements the Point-to-Point protocol. PPP has compression and authentication features that UUCP lacks, but does everything else that UUCP does.

    2. Re:UUCP by philfr · · Score: 2, Interesting

      Actually, UUCP over TCP is probably the only sensible way to operate a full-featured mail server on a dynamic IP address or on an intermittent connection. Even people with dialup connections can have at home a full MTA serving multiple domains connected through UUCP to their (nice) provider. Other solutions (ETRN on SMTP, maildrop on POP3) are broken somewhere. UUCP is a generic store-and-forward protocol, supporting binary file transfer and custom commands, not only mail or news. UUCP mail transport can be easily customized, to add compression (third world countries have used that over slow dialup links), encryption, and of course it works over SSH (using the port forwarding features), SSL (with Stunnel). Even if it was designed for serial lines, its later protocol variants were optimized for TCP (full-duplex, no need for error correction...) Only people who don't know UUCP say that UUCP is obsolete. Alas, most ISPs don't know UUCP.

    3. Re:UUCP by Medievalist · · Score: 1

      I didn't say it was obsolete, I said it was unnecessary.

      Sendmail and fetchmail's queueing functions implement store-and-forward quite nicely... and in any case, I have been helping to run a full MTA (sendmail) for three domains on a dynamic IP *without* the co-operation of the (completely evil and un-nice) provider for three years now, so I have to say you're mistaken about the need for UUCP.

      Dynamic DNS is a simple solution that works fine for me and hundreds of other people with DHCP-assigned IP addresses.

      I can accomplish anything UUCP can accomplish without using UUCP. Thus, while not obsolete, it is unnecessary.

    4. Re:UUCP by philfr · · Score: 1
      The store and forward feature of UUCP is quite different to SMTP's. If your final destination host can be off-line for, say, two weeks (vacation maybe ?), and you don't want mail to be bounced back, you have to tweak the retry configuration of the relaying MTA.

      UUCP will instead consider this mail delivered once it is in an intermediate spool. I have a cable ISP that forbids me to run an SMTP server (on port 25 anyway) and changes my IP address regularly.

      Dynamic DNS allows my remote UUCP host to contact me anytime on a non-standard port of my choice, but could not allow me to run a standard SMTP server, nor to be off-line for more than a few days.

    5. Re:UUCP by Ian+Lance+Taylor · · Score: 1

      Certainly UUCP is not necessary. But for laptop users it is more convenient than something like fetchmail. It operates as a push protocol--when new mail comes in, it is immediately sent to the laptop if the laptop is on-line, otherwise it is queued until the laptop comes on-line. I've been using it this way for years.

    6. Re:UUCP by Medievalist · · Score: 1

      Very true. I'm not trying to start a technical definition war here, I just pointed out a bug in the original article and things rolled downhill...

      Capitalization is usually used to define which thing you're writing about: UUCP is a protocol, and uucp is a suite of programs.

      I think some implementations used the name uucpd for the daemon and uucp for the uid it ran under, but older versions ran as root and were named uucp. (Don't trust this last comment, though, it's based on my foggy recollections of using UUCP for mail delivery two decades ago.)

    7. Re:UUCP by Medievalist · · Score: 1

      That's pretty clever! But I use IMAPS, personally, because I don't like push protocols and I want to leave my mail spools on my SMTP node... where my valuable communication is on a RAID5 device that gets backed up, and is less likely to be stolen than a laptop.

    8. Re:UUCP by Medievalist · · Score: 1

      You're still requiring a co-operative node outside the restrictions of your ISP. Using UUCP to communicate between that node and your cable node is just one way to do it.

      I'm not trying to say you shouldn't use UUCP, use whatever you want. I'm saying UUCP is no longer an indispensable part of a *nix system, because it does not perform any tasks that can't be accomplished in other ways.

      Using almost any standard linux distribution, you could probably come up with a dozen ways to do what you need - having an external friendly node makes the whole problem fairly trivial. Solving the same problem without any external assistance, now that'd be a tricky thing.

  8. Simson Garfinkel... by ravind · · Score: 5, Funny

    ...I love their music :D

  9. this vs. Robert Slade in comp.risks by ansak · · Score: 4, Interesting

    For more book reviews, especially on computer security, watch for Robert Slade's regular contributions to comp.risks. It doesn't look as though Robert has reviewed this one yet so I'll look forward to reading and comparing. His praise for a former edition seems uncharacteristically positive -- compare reviews of Secrets of a Super Hacker or Computer Security Basics -- so I'll be surprised if he doesn't praise this one, too...

    cheers...ank

    --
    Still hoping for Gentle Treatment...
  10. is there a digital copy with the book? by phaetonic · · Score: 4, Interesting

    my newest requirement is to have the book in PDF format so I can simply search for keywords, saving time, and hassle. having the PDF on a few different computers and storing the book away after skimming through it works better than having thousands and thousands of pages take up my precious 500 sq ft. apartment

    1. Re:is there a digital copy with the book? by TCM · · Score: 1

      Yes, ed2k link please!

      --
      Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
    2. Re:is there a digital copy with the book? by prostoalex · · Score: 3, Informative

      Not PDF, but online in html.

    3. Re:is there a digital copy with the book? by LinuxHam · · Score: 3, Informative

      Being a good IBMer, here are a couple. :) But seriously, many people tend to miss IBM's publishing arm, and never even realize that all of their books are published as freely downloadable PDF's. Granted, there's an IBM slant to most of it, but there are some really good, get-to-the-good-stuff, hands-on tasty morsels in there. In fact, this book on AIX is currently $117 at Amazon. Take the PDF to OfficeMax and get a book bound with comb binding (so it opens flat) for 1/3rd the price, and you can put the CD you burned the PDF onto inside the back cover :)

      If you [have|want] to manage large quantities of Linux servers, pay closer attention to the Linux on zSeries materials since it's customary to run hundreds of virtual Linux servers at a time, and they still need to be managed. Same goes for HPC clusters. Since these books are written by different people, it's neat to hear the tack they've each taken to managing large-scale communities. One book even touches on configuring a Linux virtual server on a zbox with LEAF to serve as a software firewall for the remaining machines.

      You laugh!

      --
      Intelligent Life on Earth
  11. Re:1000 pages by BoomerSooner · · Score: 3, Informative

    This book is excellent. It's the best I've read on the subject and it has surprisingly good content where you're not bored out of your mind.

    Real World Linux Security

  12. and also importantly... by spamchang · · Score: 4, Insightful

    what about social engineering? or do they trust management and sysadmins to be socially mobile, compatible, and perceptive? i think humans are one of the weaker links in the security chain.

    1. Re:and also importantly... by alansz · · Score: 1

      Actually, we did spend some time on that.

      - Alan (one of the co-authors)

  13. Hey... by blueforce · · Score: 5, Funny

    One of the great things about Practical Unix & Internet Security is that it is appropriate for a wide audience

    I resemble that remark.

    --
    If you do what you always did, you get what you always got.
    1. Re:Hey... by delorean · · Score: 1
      you forgot something:
      I resemble that remark you insensitive clod!

      --
      "You may all go to hell and I will go to Texas"
      Sen. Davy Crocket to US Congress, Nov. 1, 1835
    2. Re:Hey... by HolyCrapSCOsux · · Score: 1

      I tried reading O'Reilly's Unix Power tools, I then decided to read the man page for every command in /bin. I then wiped my Linux install with a badly formatted shred command. Now I am going to try LFS. Is it appropriate for me? Hmmmm.

      --
      0xB315AA8D852DCD3F3DCA578FD2E0BF88
  14. HP-sUX still needs UUCP by Anonymous Coward · · Score: 2, Interesting

    Because the uucp uid still owns all the serial port hardware. You need UUCP so that your modems will work, even though they are not running the UUCP protocol.

    One MORE reason why HP-UX is the most GODAWFUL WORST *NIX on the FUCKING PLANET!

    1. Re:HP-sUX still needs UUCP by rifter · · Score: 2, Insightful

      Because the uucp uid still owns all the serial port hardware. You need UUCP so that your modems will work, even though they are not running the UUCP protocol.

      This is irrational. Presumably you could create any user/group you wanted and give it access to this hardware, so long as the users that the programs that need access to this hardware run as are also part of that group/that user. But why mess with perfection? If it works, there is no reason to change it. There is nothing magic about the name uucp. It just happens to be the name chosen by convention.

    2. Re:HP-sUX still needs UUCP by jonadab · · Score: 1

      > One MORE reason why HP-UX is the most GODAWFUL WORST *NIX

      Are you certain you don't have it confused with XENIX?

      --
      Cut that out, or I will ship you to Norilsk in a box.
  15. This sounds like something I want on my shelf... by John+Seminal · · Score: 2, Insightful

    I know that many computer users do not ever look at computer security, they just plug it in and go. At the best, some of my friends will block ports, but that is about it. They do not check logs, or anything. And how many people out there have a second PC attached by serial cable to log intrusion data? I think if more people secured their systems, then everyone's security would increase because there would be less places to launch attacks from. What we need is someone at the major distros to write a program which, when executed, will secure a system. Something which is point and click "easy".

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  16. This book is overkill for slammer/blaster by SpaFF · · Score: 2, Insightful

    With Slammer and Blaster making their way into the news it seemed like a good time to brush up on security.

    You don't need a 1000 page book on security to patch your systems against worms; you need a 1 page book on common sense.

    --
    -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d? s: a-- C++++ UL++++ P++ L+++ E- W++ N o-- K- w--- O- M+ V PS+ P
    1. Re:This book is overkill for slammer/blaster by Anonymous Coward · · Score: 1, Funny

      > (Score:2, Flamebait)

      Moderators on crack, film at 11.

  17. Sample Chapters by Anonymous Coward · · Score: 5, Informative

    Sample chapters of the book can be found here and here. I read this first one (the one on TCP/IP) and found that it was an excellent introduction to it. The other is on "secure programming techniques." Gotta read that.

  18. Here's my book by LittleLebowskiUrbanA · · Score: 1

    Using this during my install of an OpenBSD firewall taught me quite a bit.

  19. Re:$5.50 CHEAPER and FREE SHIPPING by Eric+Ass+Raymond · · Score: 1
    Excellent point.

    This silly "let's pretend Amazon with its cheaper prices does not exist" farce really should stop already.

  20. Re:Mode 666? by Anonymous Coward · · Score: 5, Informative

    ummmm...back to unix school for you...

    777 is rwxrwxrwx : Read, Write & Executable for all

    666 is rw-rw-rw- : Read, Write for all

    remember octal? r=4; w=2; x=1

    r + w = 4 + 2 = 6

    rho

  21. Re:This sounds like something I want on my shelf.. by John+Seminal · · Score: 1
    To me, security is a sound backup and restoration plan, and not keeping all of my personal info in a file called "my banking stuff.doc"

    You must not have met my parents, or many people who are not that computer literate. To many, many people a computer is just a tool they use to make life easier. It should not be a full time job to administer.

    The problem is with all the hackers, port sniffers, crackers, and the like. I want to see some harsh penalties which send people to jail just for looking.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  22. 1000 page? by pixelgeek · · Score: 1

    Why can't book publishers provide these tomes in multiple volumes so you don't have to break your wrists trying to read through the book?

    My RSI is bad enough as it is.

    A book like this borders on being unreadable because of its size. And it's especially irritating to have to man-handle the book if you just want to look at the material in a single section or chapter.

  23. Re:1000 pages by Nermal · · Score: 1

    I second that, mostly. I've been thinking about doing a review of it here, actually.

    Basically, my only gripe about it is the case studies, which were one of the reasons that I bought it. They're all what he and his buddies did during the 70s to academic systems that they already had physical access to. Duh. Oh, that and him using a 'case study' to bitch about MCI.

    He's also the first person I've ever read advocating the use of active blocking software, though he makes a good case for his (pretty kludgey) own system.

    Anyway, yeah. It's a pretty good book. Worth reading through for any tips one might have missed, but probably not a replacement for something more thorough like the ORA guide (not that I'm assuming you suggested that).

  24. Re:Sheesh. by rifter · · Score: 1

    What the world needs is a book on WINDOWS security. Not YABOUS.

    This is the answer to your Windows security problem.

  25. good book for beginners by stonebeat.org · · Score: 1

    After reading the sample chapter @ oreilly, it seems like a good book for beginners. If you have been involved in sysadmin/sys security, this book might be too basic for you. Just my thoughts.
    www.xml-dev.com

    1. Re:good book for beginners by LinuxHam · · Score: 3, Interesting

      Yes, an older edition of this book did help me back when I was a beginner. But, it's also one of the books that taught me that by the time something is in print, it's already out of date.

      I learned all the great stuff about TCP Wrappers and how it was revolutionizing inetd. When I went to my Slackware box to try to implement, it was already done! Same for shadow passwords. It's funny in that, even being a 7 year user and an RHCE, it still seems like commercial UNIX was in the dark ages until the early 90's just based on those two features alone. Not to say MS was any better (my god no), but to require applications to have root privs to bind to a low port and have world-readable password hashes just seems like something from a million years ago. Different times, those were.

      I *still* have to instruct local UNIX pros on the virtues of ssh over telnet. If the X forwarding over ssh doesn't sell them on it, password collectors like ettercap will, every time ;)

      --
      Intelligent Life on Earth
    2. Re:good book for beginners by swordgeek · · Score: 1

      Well thank you for judging the depth of the book based on one sample chapter.

      Seriously, the chapter given (11), was more of a prelude and background to chapter 12, which is securing TCP and UDP services. Don't be too misled.

      --

      "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
  26. Re:When will Cliff Notes be available? by kfuq · · Score: 1

    vcd/svcd/dvd ?

    --
    iF yOu WAnT to C YOUr iP agaIn gAThEr tWO MilLIon dOLLArS IN Non - cONsEcuTivE TweNtY's AnD AWaiT FuRThER iNstrUctIoN
  27. Celebrity Endorsement by beowulf_26 · · Score: 1

    FYI, Fyodor of nmap fame endorsed this book in his earlier (and quite thorough) slashdot interview.

    If it's good enough for him, it's good enough for me. That spurred me to read it, and I've found it to be quite an interesting read. It also has a good history section, detailing the "family-tree" of all the unices.

    --

    --I hate big sigs.
  28. Second opinion(s) by Music+of+the+Spheres · · Score: 1

    I have this book. It's very good. What I would be interested in are any comments from any old hands at UNIX security who also have it and noticed anything wrong with or omitted from it. For myself, a UNIX developer with average network experience, I'd like to learn what flaws there are that I can't see.

    1. Re:Second opinion(s) by alansz · · Score: 1

      I'm a co-author of this book, and I can tell you two things that were omitted. We don't spend a lot of time on web application security, because the other ORA book, Web Security, Privacy, and Commerce focuses exclusively on that. And we don't do much about 802.11 wireless security beyond noting that WEP isn't enough, because again, there's a whole book on this and the field is changing very quickly.

      Of course, I still think it's a great book, but that's to be expected. :)

  29. Re:Mode 666? by ehiris · · Score: 1

    Octal is one way to learn it but considering you know how to count in binary, I find the binary way more effective.

    _u___g__o
    rwx rwx rwx = 111 111 111

    rw- rw- rw- = 110 110 110

    110 in binary is 6 in decimal.

  30. Sounds silly... by cnelzie · · Score: 1

    While I have thought of setting up such a configuration for regular user authentication, I had always just 'felt' that I shouldn't do that with the root accounts on the various machines under my control.

    I never have known why I felt that way, just that it is something that didn't seem right to me. So, when I do get that all slapped together on the network I am running, I will make certain to work it in such a way as to keep root out of the chain.

    I already use a different root password on every server on the network, even though I synchronize the passwd files for the user passwords to remain the same across the systems.

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
  31. Re:Passwords are a bad idea by duffbeer703 · · Score: 1

    Keys are also security by obscurity.

    The only secure system is an open system that allows the public to find out what is going on. The open source bazaar will take care of the rest.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  32. Or get it for just $21.47 used... by Saeger · · Score: 1
    ...from Amazon, thanks to AddAll.com's price comparison.

    Froogle isn't anywhere near as good as addall.com for books, or pricegrabber.com & pricewatch.com for tech.

    --

    --
    Power to the Peaceful
  33. Re:This sounds like something I want on my shelf.. by stratjakt · · Score: 1

    Unless your parents are exceptionally stupid, and I mean helmet and drool cup stupid, I'm sure they can comprehend the principles of "make two copies of important stuff in case your computer breaks".

    --
    I don't need no instructions to know how to rock!!!!
  34. Re:But can we patch... by packethead · · Score: 1

    OpenServer is SCO5

    UnixWare is UnixWare.

    ah, both suck anyway.

    --
    .sig
  35. Or save some bucks by ordering from Bookpool by hrath · · Score: 1

    Price at BN: $43.96, price at http://www.bookpool.com : $33.50 and possible free shipping if you order more than $40.

    Disclaimer: I'm not affiliated with Bookpool and receive no kickbacks. I've been a happy customer with BP and just don't like to pay too much for books.

    regards,

    Heiko

  36. Re:Mode 666? by HR · · Score: 1

    here is the quote:

    "we do believe that making files readable and writable by everyone leads to many evil deeds." - talking about the octal mode 666

    that IS 666, NOT 777. a lot of damage can be done merely by writing to config files.

  37. Re:Mode 666? by 1nsane0ne · · Score: 1

    Doh! Good call, that's what I get for thinking. Thanks for correcting me. /me runs off to slap head against wall
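
The "Mode 666?" comments above map permission bits to binary and octal and note that world-writable config files are the real risk. The following is an added example, not part of any poster's comment or of the book: a small audit that walks a tree, reports world-writable files and non-sticky world-writable directories, and shows each mode in octal, binary and rwx form. The function names and the constructed sample tree are assumptions, and it assumes a POSIX filesystem.

```python
import os
import stat
import tempfile

def mode_bits(mode):
    """Return the u/g/o permission bits as (octal, binary triplets, rwx string)."""
    perm = stat.S_IMODE(mode) & 0o777
    binary = " ".join(format((perm >> s) & 0b111, "03b") for s in (6, 3, 0))
    return format(perm, "03o"), binary, stat.filemode(perm)[1:]

def find_world_writable(root):
    """List entries under root that any local user could modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if not st.st_mode & stat.S_IWOTH:
                continue  # "other" write bit is clear
            if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX:
                continue  # sticky directory (like /tmp): deletion is restricted
            findings.append((os.path.relpath(path, root), *mode_bits(st.st_mode)))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in {"app.conf": 0o666, "notes.txt": 0o644, "run.sh": 0o777}.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod ignores the umask
        for name, mode in {"spool": 0o777, "tmp": 0o1777}.items():
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)
        return find_world_writable(root)

if __name__ == "__main__":
    for path, octal, binary, rwx in demo():
        print(f"{octal}  {binary}  {rwx}  {path}")
```
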