Re: Debian for kids

To: Debian Development <debian-devel@lists.debian.org>
Subject: Re: Debian for kids
From: Ben Armstrong <synrg@sanctuary.nslug.ns.ca>
Date: Thu, 3 Feb 2000 08:07:58 -0400 (AST)
Message-id: <Pine.LNX.3.96.1000203075821.2074B-100000@sanctuary.nslug.ns.ca>
In-reply-to: <20000202201038.A780@plato.localdomain.local>

On Wed, 2 Feb 2000, Ethan Benson wrote:
> well chown can only be used by root, so its not a problem, chmod can
> only affect there own files, but it could create a temporary problem i
> suppose.. (chmod -R 0 .) passwd like i said need not have its
> permissions changed since access can be better controlled through use
> of PAM.

Ah, we are fragmenting into specific implementation discussions now. :)
Oh well, it was bound to happen.  In general, I think the measures that
need to be taken with kids are going to be a matter of parental choice.
I don't think anything needs to be done proactively about chmod or passwd,
but if you have a *particular* problem with these commands and your
children, you might need to do something.  Really, I just wanted to
illustrate how frustrating and challenging it can be to administer a
system for your kids, and how it calls on all of your creativity as an
administrator to keep it running smoothly.  I'd like to see a document
with some tips for parent administrators in a sort of FAQ.  The passwd
example is great, not just because it is my example ;) but because it has
the potential to inconvenience kids and parents alike, and has a very
clever and non-obvious solution (the pam-based one).  That's the sort of
thing I'd like to see go in there.

> using sudo to give the permissions back is not a good idea however,
> chmod for example does not run as root, its not suid, allowing someone
> to use sudo with chmod allows them to run it as root and change
> permissions on anything.  a better option for chmod would have to be
> using a special group and changing its permissions to 750.  (though if
> they really wanted it back they can download and compile chmod from
> source.

Again, we're straying from "kids doing things at random to break the
system" and venturing towards "kids doing deliberate and malicious things
to break the system".  I think the former is the most likely thing for
parents to encounter with young kids, and should remain our focus.  The
latter is venturing into the area of system security, and is a different
topic best handled by a security group, not by the Debian kids' group.
(Though pointers from our documentation to theirs is more than likely
appropriate at some point.)  Some modest amount of protecting personal
data in home directories is necessary with kids, but beyond that, I would
not expect to have to implement tough security measures with my kids
ranging in age from nearly two to nearly ten.

Ben
-- 
    nSLUG       http://www.nslug.ns.ca      synrg@sanctuary.nslug.ns.ca
    Debian      http://www.debian.org       synrg@debian.org
[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0  1B B1 31 ED C6 A9 39 4F ]
[ gpg key fingerprint = 395C F3A4 35D3 D247 1387  2D9E 5A94 F3CA 0B27 13C8 ]

Reply to:

Follow-Ups:
- Re: Debian for kids
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Re: Debian for kids
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Next by Date: Packaged: pflogsumm (postfix log analyzer)
Previous by thread: Re: Debian for kids
Next by thread: Re: Debian for kids
Index(es):
- Date
- Thread