Install into /usr/local
Dan Shoop
shoop at iwiring.net
Tue Feb 13 09:14:35 PST 2007
At 12:10 PM +1100 2/13/07, Alex Satrapa wrote:
>I believe that Dan's message is that *someone* is the administrator
>of the system, regardless of whether it's the owner/operator in a
>1-man show, or some nominated individual(s) in a larger
>business/corporation. This person is the one who needs to make the
>decision, and (this is the part Dan hasn't touched on) absent any
>training the safest option for the incumbent is to make sure all
>software is installed as owned by a non-operator user account, with
>'root' being a safe-ish fallback (as long as programs aren't run as
>root unless they need root privileges).
The benefit of things being owned by root is that they can then be
set such that only root can modify them, not other users. That
then requires any changes to be made by a suitably privileged
sysadmin.
>As a starter, the issue of ownership of binaries versus
>runtime-userid is related to Privilege Separation
>(http://en.wikipedia.org/wiki/Privilege_separation), or the
>Principle of Least Privilege. For the more technical, there's the
>"Red Book" (which is now purple, but never mind):
>http://www.admin.com/Pages/USAH.html, or more specifically the Apple
>Training Series: Mac OS X System Administration Reference. They're
>all heavy reading, but then Unix is a heavy operating system.
Unix is *very* lightweight actually. Compare it to VMS or MVS.
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
shoop at iwiring.net http://www.iwiring.net/
1-714-363-1174
"The wise man doesn't give the right answers, he poses the right
questions." -- Claude Levi-Strauss
------------------------------------------------------------------------
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
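
An added example, not part of the original message: one way to check the ownership point made above, listing anything in an install tree that is not owned by the expected account or that group or others can write to. The function names `audit_tree` and `count_findings` and the constructed demo tree are assumptions made for illustration; on a real system the call would be `audit_tree /usr/local root`.

```shell
#!/bin/sh
# audit_tree DIR [OWNER]
# Print every non-symlink path under DIR that is either not owned by OWNER
# (default: root; a numeric uid is also accepted by find) or is writable by
# group or others. Such paths can be changed by someone other than OWNER.
audit_tree() {
    dir=$1
    owner=${2:-root}
    find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# count_findings DIR [OWNER]
# Number of offending paths (assumes no newlines in file names).
count_findings() {
    audit_tree "$@" | wc -l | tr -d ' '
}

# Constructed demo: creating root-owned files needs privileges, so the
# current uid stands in for root here.
demo() {
    tree=$(mktemp -d) || return 0
    me=$(id -u)
    mkdir "$tree/bin"
    chmod 755 "$tree/bin"
    : > "$tree/bin/tool";        chmod 755 "$tree/bin/tool"        # fine
    : > "$tree/bin/shared-tool"; chmod 775 "$tree/bin/shared-tool" # group-writable
    : > "$tree/bin/open-tool";   chmod 757 "$tree/bin/open-tool"   # world-writable
    echo "Paths modifiable by someone other than uid $me:"
    audit_tree "$tree" "$me"
    echo "Findings: $(count_findings "$tree" "$me")"
    rm -rf "$tree"
}

demo
```
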