Quote: Originally posted by mohtashims
@Cragun: We have naive users who are given access to our servers. They do not understand the significance of the -f option and, due to oversight, they may specify a folder instead of a file because they overlooked the space character in the path to the file, making it a folder path.
First off: if you do not want a user to delete a file, set the ownership and other rights of this file accordingly. This is what they are for.
Second: if you do not want users to execute a certain command, flag the executable accordingly by taking away the execute rights for "others". This is what this device is for.
Third and foremost: users may be technically less savvy, but they aren't idiots. They might shoot themselves in the foot sometimes, but not because they are masochists - they simply didn't know better. In fact they have some work to do (this is why all the servers and their maintenance staff were brought in in the first place), and letting the system second-guess what they want to do is usually a bad idea.
In fact there is such a system: Microsoft Windows. Guess why 99% of the important servers are NOT running an OS with the design philosophy of
when the user says he wants A, I suppose what he really wants is B, therefore I will do C, claiming that I did D instead, because the moron using me wouldn't know the difference between A, B, C and D anyway. This is not only an insulting attitude towards users, it is also putting obstacles into getting work done, because you have to "third-guess" what the OS might "second-guess" to get done what you really want:
instead of doing A we have to pretend we want D, so that the OS thinks what we really want is C and therefore claims doing B while in fact doing A.
This is the mental gymnastics I can do without. Instead of having to anticipate the anticipation of the reinterpretation of my real motives just to get what I want, I'd rather do my work using the computer as an (unthinking but efficient) tool and keep the thinking to myself. No, I don't think I am in a minority.
I hope this helps.
bakunin
PS: if you try to make an intelligent system "idiot-resistant", chances are you end up with a very idiotic system which is resistant against any intelligent use one could make of it. Applying this to your case, it means: if a user uses "-f" to override "-i" he might - as well as being ignorant - have a certain reason for that. By trying to override this you do not make the system one iota more secure, but a lot less usable.
If someone would be dumb enough to voluntarily override the default "-i" switch with the "-f" switch to have a wrong file deleted, don't you think this same person would also be dumb enough to answer an enforced question of "do you really want to delete ...." with "yes"? So maybe the complete removal of "rm" would help? Yes and no: the user might not be able to delete the file, but he can still shorten it to 0 bytes. So take away vi, sed, awk and all the other possibly file-changing commands - AND FINALLY THE SHELL itself, because one could simply redirect into the file, yes? You have finally gotten your wish: the system is completely secure - and completely unusable too! Congrats!