From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/1239 Path: news.gmane.org!not-for-mail From: Vincent Danen Newsgroups: gmane.comp.sysutils.supervision.general Subject: Re: svlogd and umask settings Date: Sat, 16 Sep 2006 11:20:54 -0600 Organization: Annvix Message-ID: <20060916172054.GA806@annvix.org> References: <20060830220325.GK25489@annvix.org> <20060901174940.GY25489@annvix.org> <20060915144744.18045.qmail@3430f19bcf16f5.315fe32.mid.smarden.org> <20060915152226.GI18873@annvix.org> <20060916095109.GA24837@skarnet.org> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62" X-Trace: sea.gmane.org 1158427301 27510 80.91.229.2 (16 Sep 2006 17:21:41 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sat, 16 Sep 2006 17:21:41 +0000 (UTC) Original-X-From: supervision-return-1475-gcsg-supervision=m.gmane.org@list.skarnet.org Sat Sep 16 19:21:40 2006 Return-path: Envelope-to: gcsg-supervision@gmane.org Original-Received: from antah.skarnet.org ([212.85.147.14]) by ciao.gmane.org with smtp (Exim 4.43) id 1GOdr8-0000Jk-WF for gcsg-supervision@gmane.org; Sat, 16 Sep 2006 19:21:31 +0200 Original-Received: (qmail 5986 invoked by uid 76); 16 Sep 2006 17:21:51 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Archive: Original-Received: (qmail 5980 invoked from network); 16 Sep 2006 17:21:50 -0000 Original-To: supervision@list.skarnet.org Content-Disposition: inline In-Reply-To: <20060916095109.GA24837@skarnet.org> X-Mailer: Mutt 1.5.x/OS X 10.4.x X-PGP-Key: http://linsec.ca/vdanen.asc X-URL: http://annvix.org/ User-Agent: Mutt/1.5.10i X-SA-Exim-Connect-IP: 68.149.37.7 X-SA-Exim-Mail-From: vdanen@annvix.org X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on hades.annvix.org X-Spam-Level: X-Spam-Status: No, score=-4.4 required=6.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.1.0 X-SA-Exim-Version: 4.2 (built Wed, 01 Feb 2006 18:29:36 -0700) X-SA-Exim-Scanned: Yes (on hades.annvix.org) Xref: news.gmane.org gmane.comp.sysutils.supervision.general:1239 Archived-At: --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Laurent Bercot [2006-09-16 11:51:09 +0200]: > > and I'm aiming to protect dumb admins from themselves. >=20 > I don't want to start a discussion here, or sound patronizing, but > might I suggest you're on a wild goose chase ? ;) No, I don't think I am. I might be, but where's the harm, really? Other than tending to sound, as you say, patronizing, or perhaps elitist, I don't see the point in telling a user or customer what you're telling me. =3D) > Unix wasn't made to protect dumb admins from themselves. It was made > to be used by people who know what they're doing. (And that's the > reason why there are so many Unix problems and misconfigurations.) Absolutely. But that doesn't mean it can't be done differently, or more correctly. It certainly doesn't mean that I shouldn't bother or try and assume a holier-than-thou "if you can't figure it out you don't deserve to use it" attitude. Of course, if they bugger things up even with the little bits of properness that are implemented, it's still *their* problem (not mine), but as a Linux distributor I'm doing my part to ease things. > I have found so far that the most efficient way to write software that > aims to ensure proper working and security of a Unix system is to set > clear boundaries and document them: point A is the software's > responsibility, point B is *your* responsibility as the admin and you > should make sure it works before running the software. Sure, but I'm not coding anything. I'm packaging a Linux distribution. So setting sane defaults and whatnot is part of the "job". > Anyway. Enough ranting. Yeah, that's fine. You can rant all you like, but it doesn't much matter to me. Others might take your elitist attitude to heart, and that's fine (for some stuff I also share similar elitist attitudes), but to sit back and tell people they're not smart enough to use it so I won't bother making it any easier on them seems, well, really arrogant. But that's ok too... it is unix after all and we are, more often than not, elitist, arrogant, and better than the mindless sheep that use other operating systems. =3D) --=20 {FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4} mysql> SELECT * FROM users WHERE clue > 0; Empty set (0.00sec) --+QahgC5+KEYLbs62 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFDDJ2LrxeMv7jCtQRAgZeAKCLBOmRjammK9sKRFP4Gy2NaFcsyQCbBVBF YWLffV26vrnWJlIHq8PhHoM= =a6cz -----END PGP SIGNATURE----- --+QahgC5+KEYLbs62--