Linux in the Enterprise WAS Re: [plug] Codeweavers

Luke Dudney dex at wn.com.au
Thu Apr 24 17:20:20 WST 2003 


On 24/04/03 17:18, Luke Dudney wrote:

> On 24/04/03 17:11, Steve Grasso wrote:
>
>> [snip]
>>
>> This is at the desktop. At the enterprise server level, there are 
>> other issues when working in very heterogeneous environments (read 
>> mixed-mode Win2k/NT + Linux). In a fundamentalist nutshell, Microsoft 
>> presumes the corporate world to be a hierarchical place, with 
>> centralized loci of control and diminishing power to affect change 
>> devolving from all-powerful Enterprise Admins at the top, to the 
>> barely-enabled Domain Users at the bottom. By comparison, Linux has 
>> no well defined corporate world view, having grown from a milieu of 
>> collective giftedness and collaboration. It is no real wonder that 
>> these worlds as yet intersect incompletely.
>>
>> A short, sad story to illustrate:
>>
>> I (and others on the list more esteemed than I) wrestled 
>> unsuccessfully to replace an enterprise-level W2K file server with a 
>> Debian/Samba 3 equivalent. An easy ask one might expect. Not so. 
>> After some time and considerable effort the system was up, users and 
>> their ca. 70GB of files migrated with their existing ACLs intact and 
>> the system tested, only to fail in one small, unexpected detail: the 
>> "modify" or "change" file permissions attribute (which allows the 
>> owner of a file, or Domain or Enterprise Admins to control who can 
>> modify or change file permissions) has no equivalent under Linux. 
>> "Who cares?" you might ask. Well, the short answer is Domain or 
>> Enterprise Admins, who have responsibility to ensure file ACLs 
>> actually grant access to those allowed, deny access to those not 
>> allowed and prevent those who *are* allowed from making the files 
>> inaccessible through 'creative' modification of the permissions. This 
>> is easy stuff in a small office, but Freddy Kruger incarnate over 
>> hundreds of thousands of files over tens of hundreds of users.
>>
>> Perhaps there is an elegant solution (no, fiddling with group 
>> memberships wouldn't cut it) and if anyone's found one, I'd like to 
>> hear about it - but in the time allowed, determined by infrastructure 
>> needs, we couldn't do it.
>>
>> Steve
>> :-(
>>
>>  
>>
>
> Tridge touched on this in his LCA20003 talk.
> See 
> http://mirror.3fl.net/pub/lca2003-iso/loopback/papers/Tridge_Talk/Abstract.html 
>
>
> Cheers
> Luke
>

Obvious typo here: I meant LCA2003. I would hope this issue has a 
solution by 20003.

Cheers

More information about the plug mailing list