User Account Management

Most Recent User Account Management Articles

Tuning Your SELinux Policy with Audit2allow
Kevin Fenzi
Fedora Core 3 Linux has been shipping with Security Enhanced Linux (SELinux) enabled by default for about six months now. SELinux allows privileges to be separated much more finely than the typical approach of having users and groups and the all-powerful root "superuser". The default SELinux configuration is fine for some uses, but the SELinux configuration files make sendmail.cf look easy. In this article, I will show you step-by-step how to tune your SELinux policy to your specific needs using the audit2allow tool.
Sat, 30 Jul 2005

Effective Database Key Generation Techniques
Alexander Daminoff
Unique entity identity is one of the fundamental principles of data modeling. When devising a database of just about any type, the ability to uniquely identify every record is an essential attribute of successful design. In fact, relational database theory mandates that every relation have a primary key -- an attribute or collection of attributes that identifies it uniquely and unambiguously [1]. Besides serving as a unique ID for a given entity, a primary key is also used to establish and maintain inter-entity relationships. Thus, a human resources database is likely to relate employees to their respective departments by tagging every employee record with a department key.
Wed, 29 Jun 2005

Migrating to LDAP-Based Naming Service in a Heterogeneous Environment
Kaijun Zhan
Lightweight Directory Access Protocol, or LDAP, is increasingly popular in today's Unix/Linux environment as an option for naming services. Unlike NIS, which is based on a flat namespace, LDAP-based architecture is flexible and scalable. However, the process of seamlessly converting from one naming service to another can be very complicated.
Mon, 30 May 2005

Using Unknown Passwords
Ed Schaefer, John Spurgeon
Often, several administrators have root privileges on a system. In cases where people are allowed to log in as root or use su to become root, more than one person needs to know root's password.
Sun, 30 Jan 2005

Next Generation DHCP Deployments
Dave Hull, George F. Willard III
As device mobility has transformed from a novelty into a user expectation, the need for managed dynamic network configuration in campus and wireless environments has grown exponentially. User mobility and ease of end-user device network configuration have become key requirements when designing multi-user accessible networks. Additional challenges in this environment include maintaining security access controls, usage tracking, billing, and end-user support.
Sun, 30 Jan 2005



From the Archives

E-Class Tools
Keith Clay
Clay describes the implementation and use of the Totalnet Access Server (TAS) from Syntax, Inc.
Sat, 29 Sep 2001

Everyone Should Have a PUP
Alistair Gardiner, Richard Hellier
This article presents a way of organizing storage by using per-user partitions (PUPs). With this layout, every account is kept in its own partition (and file system). The next section describes the operational background that gave rise to PUPs.
Fri, 30 Jul 2004

Effective Database Key Generation Techniques
Alexander Daminoff
Unique entity identity is one of the fundamental principles of data modeling. When devising a database of just about any type, the ability to uniquely identify every record is an essential attribute of successful design. In fact, relational database theory mandates that every relation have a primary key -- an attribute or collection of attributes that identifies it uniquely and unambiguously [1]. Besides serving as a unique ID for a given entity, a primary key is also used to establish and maintain inter-entity relationships. Thus, a human resources database is likely to relate employees to their respective departments by tagging every employee record with a department key.
Wed, 29 Jun 2005

Managing SUID/SGID Files
David Totsch
During the daily operation of your system, you may observe some mild-mannered files that have an ominous bit or two set. Under normal circumstances, these bits grant extraordinary powers. Under other circumstances, the power of the bits may be turned against the unsuspecting system. Normally, the SUID bit gives ordinary users the ability to perform functions like changing their own passwords. However, a cracker may expend significant effort and patience to set the same bit on a covert copy of a shell. As sys admins, we need to discern between the mild-mannered and sinister files. The ability to distinguish the well-intended from the malicious begins with identifying the special powers. Instead of the ordinary "x" execute permissions for the file user and group, a long listing reveals an "s".
Wed, 30 Aug 2000

Linux ACLs
Nicholas Kirsch
Why use Access Control Lists (ACLs)? Aren't traditional Unix file permissions enough for any situation? Consider, for example, a semester-long software engineering course in which 30 students work in three-member teams on two projects. With traditional Unix permissions, each team/project combination would require a group, because all the team members must be able to collaborate, but teams must be isolated. Additionally, the professor needs access to project files for grading and for remote assistance. With this setup, the systems administrator would need to create 20 unique groups for each semester. If there were four such courses, there would be 80 groups; and if there were four projects, there would be 160 groups. With standard Unix permissions, the students cannot administer the groups themselves and the permissions are not flexible enough to allow the students to share their files with only members of their teams. This obviously becomes a management nightmare and a lot of work for the administrator.
Mon, 30 Aug 2004



