Linux in the Enterprise WAS Re: [plug] Codeweavers
Luke Dudney
dex at wn.com.au
Thu Apr 24 17:18:05 WST 2003
On 24/04/03 17:11, Steve Grasso wrote:
>[snip]
>
>This is at the desktop. At the enterprise server level, there are other
>issues when working in very heterogeneous environments (read mixed-mode
>Win2k/NT + Linux). In a fundamentalist nutshell, Microsoft presumes the
>corporate world to be a hierarchical place, with centralized loci of control
>and diminishing power to affect change devolving from all-powerful Enterprise
>Admins at the top, to the barely-enabled Domain Users at the bottom. By
>comparison, Linux has no well defined corporate world view, having grown from
>a milieu of collective giftedness and collaboration. It is no real wonder
>that these worlds as yet intersect incompletely.
>
>A short, sad story to illustrate:
>
>I (and others on the list more esteemed than I) wrestled unsuccessfully to
>replace an enterprise-level W2K file server with a Debian/Samba 3 equivalent.
>An easy ask one might expect. Not so. After some time and considerable effort
>the system was up, users and their ca. 70GB of files migrated with their
>existing ACLs intact and the system tested, only to fail in one small,
>unexpected detail: the "modify" or "change" file permissions attribute (which
>allows the owner of a file, or Domain or Enterprise Admins to control who can
>modify or change file permissions) has no equivalent under Linux. "Who
>cares?" you might ask. Well, the short answer is Domain or Enterprise Admins,
>who have responsibility to ensure file ACLs actually grant access to those
>allowed, deny access to those not allowed and prevent those who *are* allowed
>from making the files inaccessible through 'creative' modification of the
>permissions. This is easy stuff in a small office, but Freddy Kruger
>incarnate over hundreds of thousands of files over tens of hundreds of users.
>
>Perhaps there is an elegant solution (no, fiddling with group memberships
>wouldn't cut it) and if anyone's found one, I'd like to hear about it - but
>in the time allowed, determined by infrastructure needs, we couldn't do it.
>
>Steve
>:-(
>
>
>
Tridge touched on this in his LCA20003 talk.
See
http://mirror.3fl.net/pub/lca2003-iso/loopback/papers/Tridge_Talk/Abstract.html
Cheers
Luke
More information about the plug
mailing list