Re: System administration tool

[Dave Stagner <dave spnz org>]

On Sat, Apr 10, 1999 at 09:19:05AM -0400, John Kodis wrote:

> I don't understand how this project differs from or overlaps with the
> other fairly mature "Grand Unified Configuration Tools" such as COAS
> (http://www.coas.org) and Linuxconf (sorry, no URL).

Well, i can't speak to COAS, as i haven't used it yet (the rpm version
coredumps, and i haven't compiled source yet).  Linuxconf... well,
it's dog slow, just coredumped on me when i clicked a "don't quit"
button, etc, but those things can be fixed.  More importantly, though,
it MUST run as root.  One of my fundamental design goals is to provide
a secure tool for users to administrate any part of the system,
without knowing the root password or executing any commands as root.
The standard Unix mechanism for this is suid root, but suid programs
are generally security holes.  Moreover, it's difficult to provide
sophisticated access control that way, such as giving only one or two
years certain root privileges.  

Take a common example from business environments running Novell... the
help desk can change user passwords.  Do we simply hand root access to
the help desk for this?  Nope... it should be possible to provide root
authority for ONE task to ONE user, without giving them root password
or giving others the same authority via suid.  Linuxconf can't do
this.  My system should be able to do this, via access control lists.  

The other difference for my system is the module model.  I'm trying to
make it as similar to html/cgi as i can, so it is familiar to as many
programmers as possible, and as easy to program as possible.  

Of course, this is all vaporware right now, so don't take me too
seriously.:}

-- 
Practice beautiful randomness and act kind of senseless.