Longhorn to use UNIX-like User Permissions
destuxor writes "After years of Windows users abusing administrative accounts out of necessity, Microsoft promises that Longhorn will make better use of user permissions in what sounds exactly like what UNIX/Linux users have been doing for years. Hopefully this will fix the long list of applications that cannot be run by a Least-Privilege User Account (LUA) while giving a much-needed security boost. Too bad "MS-root" can't watch over your grandmother when she opens emails."
The permission mechanisms in Windows NT/2k/XP are pretty flexible. Unix is only just migrating from the old user/group/world permission set to access control lists, something that is readily available for just about everything in the Windows operating system, from files to individual registry entries.
The problem with Windows permission management is that a) it is completely hidden from the casual user, b) there are no guidelines how applications can be made to work with restricted privileges and programmers are too lazy to figure it out themselves and c) the default XP install makes everybody an admin, so there is very little incentive for application programmers to get it right.
The ability is already there in XP to run at lower permission levels for most applications; it's just that few developers have properly coded for it, as they assume the user will be administrator. I would say that 20-30% of this problem is the developers' fault, because the tools are there.
We've had the same issues at work but we've found that if you examine the bad applications closely they mostly want write access for the user in the 'programs files' area or the windows or winnt area. Giving users of these programs the proper write access solves most of the problems. We found one program that required a registry edit to work properly with just 'user' privileges. It is a major PITA to find out all these details to tighten security but we are doing it.
zenray
Can I recommend Aaron Margosis' blog? It provides a lot of tips for running as non-admin. His PrivBar is very helpful. He also talks about scripts that launch other apps with elevated permissions without having to log off - they change the user's permissions (give them admin rights), logon as that user, launch the app, and finally reset the permissions, all within the current user's session.
There's a lot that can be done to enable software to play nicely under a limited user account. Sometimes it's not worth the effort, but in some cases changing permissions on select registry keys and NTFS folders can get things working.
So basically, there were conspiracy theories that it was done on purpose, but nothing definitive. Seriously, am I the only one who remembers this? I wasn't even sure if this behavior ever really changed, but it was enough to convince me to always get drivers from the manufacturer (not MS) and ignore the driver signing warnings Windows threw up.
'Being root' and running a SUID CD burning application is rather different. In fact, it's entirely different, since you're granted no special rights as a user.
You do not have to be root to mount anything. That's what /etc/fstab is for, specifically the user flag. That is indeed a bogus claim.
Most programs can be installed as a regular user under $HOME. I've done it many times on systems where I have no root access. This includes everything from Lua to GTK+. In fact, very few Linux programs require root access to install and use properly.
Either you haven't used Linux, or you haven't bothered to learn how to use it properly.
Wow, so you mean that things are locked down by default and you have to specifically enable things like letting users burn cds or mount things?
You have to be root to install almost anything.
Yes and no, some programs allow you to install to your home directory and then you don't need any permissions. Other than that it's the same for any OS, windows included.... it just happens to be that with windows everyone's usually an admin.
You have to be root to mount a CD-ROM, USB device like a dongle or camera, SMB share or floppy.
You have to be root to burn a CD.
chmod my friend...
Now, everyone is going to start screaming that the above trollishness is bogus but, it isn't. Sure, you can easily get around most of this stuff and many distros do. How? They get around it by either giving world writable access to the device or by SUID on the application. It's really no different.
Actually it is very different and you don't have to give world writable access to the devices in question if you don't want to. Have you ever heard of groups? You could for instance make a cdwriter group and then assign users you want to be able to burn cds to that group. The big difference is that there is no way to really do this in windows. You're either an admin or you're not. Giving someone access to write to a cdrom drive won't allow them to say accidentally install some virus. If they do install some virus, it would be limited to things they have access to.
Oh and it's this way with all Unixes, not just Linux. I for one am glad to see windows is finally catching up to UNIX, hopefully they won't mess it up too badly. This wouldn't be the first time I thought windows was going to do something good, only to find they implemented it wrong or introduced a whole slew of other problems.
As the way it should be. This is the reason why I and I'm sure a lot of other people don't run windows. In Windows, anybody can muck up your system. In *NIX, it's a lot harder. Hell, the run as service doesn't even work very well in Windows. Speaking of, does anybody else notice how Windows is reverting back to UNIX? There is speculation that NT is based on VMS (VMS -> WNT is incrementing a letter, check the safemode stuff with disk0/part1/ nix type stuff). further reading
Mount points have been supported since 2000 in Windows. And hardlinks. ACLs and multiple streams per file were supported almost from the very beginning.
Before bashing something you should at least RTFM, otherwise you just look like a typical teenage Linux zealot.
Then you would be correct. Many of the original NT designers worked on VMS at DEC, including their lead architect.
Here's the story: http://www.windowsitpro.com/Articles/Index.cfm?IssueID=97&ArticleID=4494
This was why I had to drop Winamp. My choices were to either run Winamp as Administrator or not have access to the media library function.
Winamp is a TOTAL pain in the ass when it comes to running as a limited user, but there are a few ways to get it to work right without running as admin. The first, obviously, is to install Winamp to your user directory. This is not the most secure method, but with some care it can be (relatively) safe and certainly better than logging on as admin. The other way is a bit more complicated and involves a plugin and directions that can be found here.
Read Windows NT and VMS: The Rest of the Story
Just because marketing says it's "new technology" doesn't make it so. NT originally referred to the codename N-10 Intel i860 CPU that it was going to run on.
If I run a malware email attachment as a normal user on my Windows box, it can damage at most that user's profile. That user doesn't have permission to write to anything outside their profile, and so can't damage anything else. Before it can even run, the directory or hash for the binary can't be on SRP's blacklist and the user needs file execute permission.
Although SRP wasn't introduced until XP, everything else has been true since the first version of NT. Show me malware that can bring down an entire Windows system when run as a normal user.
If you're running it as admin, then that's the first problem, isn't it?
Let's go over this week's list of problems:
1) HP scanner software - as administrator, works fine. As user, press a button on the scanner and the software can't find the scanner (!).
2) Norton Systemworks - as administrator, updates just fine. As user, can't run updates.
3) Turbotax. Same as Systemworks.
And that's just this week!