Linux user management

I've been watching some old episodes of 24 and watching about all the user access levels and codes and all that, and it has made me wonder about something. Obviously whatever OS they used in 24 is fictional, but it would not be Windows, so my question is: in a business where security is crucial, how is user management dealt with in a Linux-based environment?

Although I do not know about the Windows side of things in this matter, I do know that they have Active Directory and centralized domain controllers which allow complete control over what users can/can't access. Does Linux have some sort of equivalent?

One of my thoughts is that Linux gives so much control over the whole OS and everything that is running that it may be harder to manage security. But these are my thoughts based on my limited experience with Linux in a desktop situation, not corporate.

Also, a bit off-topic but I didn't want to make a new thread just for this: in 24 they show that people can transfer a window from one user's desktop on one machine to another user on another machine. Is this really possible or is it just another made-up thing for TV?
 
With Linux you can set up user permissions ultimately down to the specifics; I believe most distros do this. I'd imagine most industrial/business companies use Red Hat or something in a situation like this.

If you look here, me and said guy go into a little detail about permissions etc.,
but in Linux I know you can set different permissions for certain, say, hardware and stuff.

Say for a printer guest you can give them permission to the printer, USB drive and applications,
and for a general guest you can give them internet access, printing permission, USB permission, /home/ dir permission.

And for separate folders you can set groups that can have read/write/execute/delete access etc., and the same applies for files.
You can be pretty flexible with the user management.

Also, to your off-topic question:
you mean something like Synergy?
 
I'm not entirely sure about Synergy as I only just had a quick read on Wikipedia about it. Basically on 24 what they could do is have a window of some program, say Internet Explorer, and through a menu system of some sort they can choose to send that to another computer. That other computer then has Internet Explorer pop up with the exact contents that it had on the previous computer. This can be done between multiple computers controlled by multiple users, and any program.
 
Look up NIS (Network Information Service) & LDAP (Lightweight Directory Access Protocol), or DAS (Distributed Authentication System), or RADIUS (Remote Authentication Dial In User Service). Also worth reading up on Kerberos (which AD uses too).

Administering a *nix environment is no more difficult than administering a Windows one really. It's all down to permissions... either user level (yuck!) or group level.

As for Q2... no idea. Do they do stuff like in Minority Report?
 
Hmmm, I'd say Linux has a general advantage with user control, as you can (in theory) set each individual account to any specific level of access to the computer (tailored through areas such as the act of adding the user and setting the permissions of each individual file).

At a corporate level I'd see this as an advantage, as you can effectively limit anyone's account to their required areas (and by denying access to the "wheel" group you completely block any ability to run as root, preventing any system-wide changes).

As for Q2, I think it's possible to do with some settings of X and a few extra applications, but I don't realistically know how to do it... (yet)
 
Linux has always had the general UNIX notion of user/group access controls for security. These are a pretty powerful way of ensuring security. It also has an extension (initially provided by NSA) called SELinux (Security Enhanced Linux) which provides much, much more fine-grained control over system security. This is used in highly secure government computing environments, for example.

Regarding moving windows between X-servers - there are tools that allow this (XMove for example) by setting up a pseudo X-server which then allows client windows to move between displays/machines. Individual applications can also provide this sort of support, though it's not very commonly used.
 
You can do everything you can with file permissions on Linux, in Windows.

In a domain/network environment Windows offers more control up front.
Linux is worse if you want fast centralized user management. You have less easy options.

People's impressions of Windows security are tainted by end users running machines as Administrator (Root).
In this situation it would be just as easy to wreck Linux.
 
How standardized are these measures to manage user/group security? Do different companies that implement Linux use different methods/products, or is there a specific one that is more important/widespread than the others? I'm thinking about trying to buy a few books or look for some decent guides on the subject, as well as on Windows AD, and I just need to know which of the things mentioned in this thread I should start learning about.
 
Do you just want user/group data security? You can just use the inbuilt users/groups/netgroups within the OS, it's not that hard. But if you want restricting / allowing commands you generally use sudo. I work / have worked at some pretty large institutions so can probably tell you what you need to know if you're more specific.
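
Added example, not part of any post in this thread: a small audit of who is really in a privilege-granting group such as "wheel", using the built-in passwd and group databases discussed above. It counts users whose primary GID is the group as well as the supplementary members listed in the group file, which a plain search of the group file misses. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that belong to privilege-granting groups.
# The sample passwd/group contents below are constructed for illustration.

# write_sample DIR: create constructed passwd and group files in DIR.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:10:Carol:/home/carol:/bin/bash
printsvc:x:1003:1003:Print guest:/home/printsvc:/usr/sbin/nologin
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:alice
sudo:x:27:
lp:x:7:printsvc,bob
alice:x:1000:
bob:x:1001:
printsvc:x:1003:
EOF
}

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints, sorted and one per line, every user in GROUP: supplementary members
# from the group file plus users whose primary GID (passwd field 4) matches.
group_members() {
    awk -F: -v grp="$1" '
        FNR == NR {                           # first file: group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: passwd database
    ' "$3" "$2" | sort -u
}

# Demo run over the constructed files.
tmp=$(mktemp -d)
write_sample "$tmp"
for g in wheel sudo lp; do
    echo "$g: $(group_members "$g" "$tmp/passwd" "$tmp/group" | tr '\n' ' ')"
done
rm -rf "$tmp"
```

On a live host the same function can be pointed at /etc/passwd and /etc/group; accounts served from LDAP or NIS do not appear in those files and need `getent passwd` and `getent group` output instead.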
 