SCO doesn't sell UNIX
Rob Healey
rhealey at digibd.com
Sat Dec 8 08:48:59 AEST 1990
In article <1990Dec3.050103.21819 at ping.uucp> gorpong at ping.uucp (Gordon C. Galligher) writes:
>In article <1990Nov29.205938.3671 at digibd.com> rhealey at digibd.com (Rob Healey) writes:
>Have you used the crontab of SCO's unix? Have you used the 'df' program of
>SCO's unix? Have you used the su of SCO's unix? All of these things are
>not 'standard' UNIX, even with C2 security relaxed. You cannot 'su' to
>root (or anyone else) unless you mess with the tcb/auth/crap files manually.
>If you finally are successful in su'ing to root, you are really NOT root.
>You cannot do things like change user's passwords (unless your LOGIN-ID has
>a special thing set up on tcb/auth/crap, and then you can be the normal user
>and STILL change other's passwords). If you 'su' to another user, you cannot
>use 'crontab' which breaks things like: su uucp -c 'crontab /tmp/crontab'.
>This is all things which are done in a user's point of view (yes, users DO
>use the 'su' command, well, er, they DID before SCO "unix" came out...).
>
1) The output of df and df -t on my SCO UNIX 3.2v2.0 EXACTLY
matches the format of the df and df -t commands on an
AT&T WGS running 3.2 5 feet away. These are the only two
options I use. Also, the output of df /usr/lib matched
as well. So, I don't see what the problem is.
2) Crontab and su do differ due to security. I'm not sure
I'd want su uucp -c 'crontab /tmp/crontab' to work but
I usually like to mess with crontabs directly. su to
root can be granted via sysadmsh but I use a different
program anyhoo and execsuid is all an authorized user needs.
We don't have users using su to get things done, we do
it a different way but that's a matter of administration...
3) As far as passwd goes, take away auth privledge with sysadmsh
or edit /etc/auth/system/default and /etc/auth/subsystem/auth
manually. The user can still change thier own password but
not everyone else's. It does work, I tried it just now.
The admin's like the fact that they don't have to su in
order to change a password that someone forgot. By the way,
by setting up /etc/default/{goodpw,passwd} properly you
CAN make passwords as strict or as loose as you want.
sysadmsh can be used to turn off password ageing as well
for all users or just select users.
>You may say that this is the security thing; well, yes it is. The problem
>is, SCO has made the security TOO much a part of the entire operating
>system. Merely 'relax'ing security in the sysadmsh is not enough. Too
>many programs expect it to be running. It is almost as bad as Sun's
>brain-damaged 386i line which forced its users to use YP, you could not
>even send MAIL without having YP running, but I digress. :-)
>
It's a matter of how much time you can spend learning the system.
We do fine but we had to take some time to learn it. Since alot
of our business is SCO UNIX and Xenix it was worth our time to
learn it.
My point is that SCO UNIX differs in system administration and
in some features advanced users would use if their shop
doesn't provide other means; su and crontab. It's different but
not necessarily evil or bad. Some of the SCO extentions are
DAMN useful, others are a pain.
You're waiting for SVR4, it'll be a MAJOR change from what you're
used to and there is ALOT of new things to learn for system admin's
and advanced users. If you think sysadmsh was "fun", wait till you
see R4's equiv! Filesystem reorganization will be another fun change!
And you can FORGET about online man pages... You also get the
joys of following symlinks to symlinks to symlinks to ...
SCO UNIX 3.2v2.0 is a useful UNIX system if you learn how security
works. If you can't take the time to learn it, choose one of the
other raw UNIX 3.2 systems. If you're comming up from Xenix,
SCO UNIX softens the blow a bit.
I think SCO UNIX's pluses outway the minus of the security
system. I haven't seen much bashing not related to security,
that seems to indicate to me that that's the main problem. The
security can be tamed and the added value tools are useful
for cross development. To each his own I guess...
I just wanted to point out that there ARE sites that are
using SCO UNIX and doing just fine. The security boogie
man has more bark than bite.
-Rob
More information about the Comp.unix.sysv386
mailing list