freedman@euclid.math.temple.edu (Avi Freedman) (12/16/89)
I have heard that it is faster to turn off security on SCO Unix. Is this true? (For filesystem acces, especially?) Besides, it really annoyed me when I told one of my users "Oh, just get the .newsrc in my directory ~freedman" and it was mode 600. It says something in the manuals about leaving the modes at 600 for auth to work. If I relax security, should changing this work fine? By the way... The new HardCache/ESDI controller from Compu- Add is quite awesome. With the cache turned OFF, I bench- marked 750K/sec reads under DOS with my Priam 630 330MB drive (haven't tried under Unix yet), and with just 256K it claims (according to on-board statistics) a hit ratio of 93%, just from read-ahead, I imagine. I'm sorely tempted to bump the thing up to 4MB!!! - Avi Freedman freedman@euclid.math.temple.edu
caf@omen.UUCP (WA7KGX) (12/18/89)
In my perception, the C2 stuff doesn't slow things down,
just makes certain things illegal, and a wounded system
may be more unfriendly with the C2.
According to the doco, you can't have uucp et al and still be
C2. I shall leave it to the user to ponder the question: can
Unix (as we know and love it) really be C2?
P.S. I'm not a spook, just ran Unix with C2 on till I though it
was bumping into things, then turned it off ("relax security").
Didn't notice any change excpet for ps -ef. Of course things
might have been a bit slower with process accounting turned on.uhclem@trsvax.UUCP (12/18/89)
<>
R2>P.S. I'm not a spook, just ran Unix with C2 on till I though it
R2>was bumping into things, then turned it off ("relax security").
R2>Didn't notice any change excpet for ps -ef. Of course things
R2>might have been a bit slower with process accounting turned on.
Just returned from a SCO-sponsered Open Desktop presentation.
One of the things that came out of that was that you can NEVER turn
C2 "OFF" entirely. You can just turn some of it off with the
"relax" option. For instance, C2 breaks multiple-group support, and it was
asked if "relax"ing would let you use multi-groups. The answer
SCO gave the group was "Uh, not yet, maybe in 5.3.2." (It also plays
havoc with NFS, old and HDB UUCP, and who knows what else. SCO also said
that 'su' to root was completely illegal thanks to C2. Does anyone know
if this is true under "relax"ed conditions?)
An interesting thought is how can 5.3 get certified as C2 with a way to
bypass C2, ie, "relax"?
In fact, "5.3.2 should fix that" was the answer to many questions that would
affect someone thinking about upgrading to UNIX 5.3 (with or without OpenDesk)
from an earlier XENIX/UNIX system. Too many things have been broken and
*may* be fixed in some future release for me to want to migrate now.
So, when will 5.3.2 be out and what will it fix? SCO?
<My opinion, and not that of my employer who probably thinks OpenDesk
is competition to DeskMate anyway.>
"Thank you, Uh Clem."
Frank Durda IV @ <trsvax!uhclem>
...decvax!microsoft!trsvax!uhclem
...hal6000!trsvax!uhclemcaf@omen.UUCP (WA7KGX) (12/21/89)
In article <196500037@trsvax> uhclem@trsvax.UUCP writes:
: ... (It also plays
:havoc with NFS, old and HDB UUCP, and who knows what else.
I don't know about old uucp, but Bews and the HDB UUCP that comes with
SCO Unix worked normally before security was relaxed.
SCO also said
:that 'su' to root was completely illegal thanks to C2. Does anyone know
:if this is true under "relax"ed conditions?)
There are some subtle differences in how rc.d/* scripts work. However,
sushi programs work just fine for file deletes, etc.
Your results may vary, but the only thing that I need to do that I can't
easily do with the current ODT/Unix is: compile/link a moderately massive
(200k) 286 large model program. My workaround was to establish a
phantom root populated with Xenix 2.2 DEV SYS files as needed (chroot(1)).
Please note that 286 programs that have to be run by the emulator won't
SUID properly. This is a problem for all 386 Unix's. 386 Xenix executed
286 programs directly and doesn't have this problem.
Bottom line: If you lust for the new toys and/or faster file system, and
have some memory to spare, SCO Unix is here and now. Otherwise, if it
(386 Xenix) ain't broke why fix it?
"Most of these vi experts know what they do from
studying the source code, not by reading the
manual." -- Ray Swartz
Chuck Forsberg WA7KGX ...!tektronix!reed!omen!caf
Author of YMODEM, ZMODEM, Professional-YAM, ZCOMM, and DSZ
Omen Technology Inc "The High Reliability Software"
17505-V NW Sauvie IS RD Portland OR 97231 503-621-3406
TeleGodzilla:621-3746 FAX:621-3735 CIS:70007,2304 Genie:CAF