Enterprise Unix Roundup -- Tugging SCO's Strings

by Michael Hall

Early speculation that BayStar's threat to call back in $20 million in financing might represent a swift demise for SCO was squelched when BayStar said it's the product line that has to go. Delegating super-user privileges to assistant administrators? Then sudo might be for you.


There's no denying SCO has had better weeks than this one. Consider:

  • Late last week, SCO investor BayStar called back $20 million of its investment in the company. The news seemed to trigger a plummet in SCO's stock and may have been behind a shakeup in the company's management.
  • Open Source Risk Management (OSRM, previously covered here) says its six-month investigation of the Linux kernel revealed no copyright infringement. It's going to begin offering insurance to enterprises and developers using Linux to guarantee a vigorous legal defense if SCO comes a' knocking.
  • For whatever reason, Red Hat's back in court asking that its suspended lawsuit against SCO be resumed, thus renewing the possibility of another front being opened in SCO's ongoing litigation wars.

BayStar's silence on its request for a refund was a source of much idle speculation through the early part of this week. This changed when news broke Wednesday that the investor, perhaps realizing that merely prying its $20 million from SCO would be fairly difficult, commented on what SCO must do to restore its confidence. In short, the investor said SCO must get new management, quit being so publicly obnoxious, and (to the likely dismay of Linux supporters who might have hoped BayStar perceived a legal Vietnam in the making) quit worrying about pushing product because "it is diverting resources from going where they would have the most value -- the intellectual property process."

SCO's initial response seemed moderately defiant, with spokesman Blake Stowell saying the company's board likes its management and SCO's UNIX products are its core.

In this case, we're inclined to think the investment guys have it straight, at least where product is concerned: SCO wouldn't be on its rampage if it were doing well in its intended market; it simply isn't, and it hasn't been since some time in the past decade.

But where many pundits spent the last week calling BayStar's demand for a refund a potential death blow, we're not so sure. Our interpretation of the company's remark about "the intellectual property process" being where SCO needs to spend its time is that BayStar considers its millions well-spent if they continue to be directed at suing the pants off anyone who knows how to spell "UNIX" and once used a dumb terminal connected to a Unix derivative. It might not be the best way to win friends (and BayStar does appear to be concerned about SCO's antagonistic penchant for "open letters" and public carping), but the venture capital firm seems to think this is a way to turn a tidy profit.

In Other News

» We were moderately entertained to see Linus Torvalds recently shoot down kvetching from SUSE's CTO about the practice of "backporting" in the Linux kernel. Backporting is the process of taking features from the newest Linux kernel (currently 2.6) and introducing them to past kernels. This went on during the move from 2.2 to 2.4 with features like USB support.

So, just who would have an issue with users of slightly older 2.4-based distributions getting useful features from a new kernel? Mainly companies with an investment in pushing commercial versions of Linux like SUSE and, as that linked report indicates, Mandrake. In both cases, there is a dependency on a relatively early release of highly anticipated software, like a new kernel, to drive shrinkwrap sales.

Both companies are piqued by Red Hat's backporting practices, allegedly because of concerns over "fragmentation," but more likely because they realize Red Hat can take its time and burn through a little of its massive lead in the much more conservative enterprise market by promising "more of the same" with the incremental improvements backporting brings. Considering SUSE's recent attempt to flood the field with a less-than-top-secret "review copy," which every hobbyist reviewer in North America seemed to get hold of months before it could be purchased, we can see how Red Hat's backporting might be seen as a bit of counterspin to the marketing game plan.

What should an enterprise user make of the whole thing? We'll just point out, as we have in the past, that there are plenty of good reasons to wait patiently for a new kernel to make its way through the QA process -- however long it takes. We're with Mr. Torvalds and Red Hat on this one.

» In other SUSE news, several places reported Microsoft has hired the SUSE project manager who delivered the city of Munich to Linux during an upgrade from Windows NT4, despite deep discount offers from Microsoft. If ya' can't beat 'em, hire their best sales guy and let him beat 'em -- we guess.

» On Monday, Sun announced several initiatives aimed at boosting Solaris deployments by offering big discounts over comparable Red Hat and Microsoft offerings: $800,000 for a 2,000 unit Solaris deployment comes out to about half as much as 2,000 Red Hat ES subscriptions, and about a fifth as much as Windows Server 2003 Standard Edition with support.

» Did you ever think you'd see the day when a Web site reviewed Apple's enterprise Unix offerings? This is the week for it.


Security Roundup

Tips of the Trade

Do you ever need to share management responsibilities with another admin on one of your servers? Ever wish there was a way to avoid giving up your precious root password so another admin could run just one or two commands? Consider sudo, which stands for "superuser do." Sudo provides a way to delegate the ability to run some commands (such as, for example, letting your DNS guru restart a DNS daemon after a configuration change) without giving away the farm. Under OS X, the usefulness of sudo is so well understood that the traditional su command (which allows users to log in as root) is not available by default, and the operating system takes administrative instructions only from an administrative user using sudo.

Column length constraints limit our painting of sudo's complexity to broad strokes.

Sudo's basic usage is very simple:

sudo ifup eth0, for example, allows a normally unprivileged user to run the command "ifup eth0" without necessitating root user privileges.

Depending on how sudo is configured, the user might be prompted for his own password before the command runs. This provides some extra security in case the assistant admin running the job wanders off to the soda machine while malicious crackers are roaming the cube farm.

Underneath that simple command syntax, though, is some pretty involved plumbing.

Sudo is driven by the file /etc/sudoers, which establishes several bits of information sudo relies on: which users belong to specific sudo-recognized groups, the hosts from which these users may run commands as the root user, and whether or not the users require passwords to run these commands (in case a malicious user comes across an unsecured terminal belonging to a sudo-enabled user). It also allows for aliasing of specific commands to save you some typing.

/etc/sudoers is involved enough that editing it with a standard text editor is discouraged: A program called visudo provides a way to edit /etc/sudoers with some syntax checking. Brush up on your vi before wading into visudo, though.
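To make the /etc/sudoers description and the visudo advice above concrete, here is an added example (not from the original column) that stages a sudoers fragment for the DNS-admin case and syntax-checks it with visudo's check mode before anything is installed. The user names, host names, alias names and the rndc command path are constructed placeholders.

```shell
#!/bin/sh
# Added example: stage a sudoers fragment and syntax-check it before install.
# alice, bob, ns1, ns2 and the rndc path are constructed placeholders.

write_dns_fragment() {      # $1 = path of the staging file
    cat > "$1" <<'EOF'
# Who, where, what: aliases save typing and keep the rule readable.
User_Alias DNSADMINS = alice, bob
Host_Alias DNSHOSTS  = ns1, ns2
Cmnd_Alias DNSCTL    = /usr/sbin/rndc reload, /usr/sbin/rndc status

# Delegated rule: only these commands, as root, own password required.
DNSADMINS DNSHOSTS = (root) DNSCTL

# Weak form to avoid: any command, any host, no password prompt.
# alice ALL = (ALL) NOPASSWD: ALL
EOF
    chmod 0440 "$1"
}

# Count active (non-comment) rules that switch the password prompt off.
count_nopasswd() {
    grep -v '^[[:space:]]*#' "$1" | grep -c 'NOPASSWD:' || true
}

# Returns 0 = parsed OK, 1 = syntax error, 2 = visudo not found.
validate_sudoers() {
    command -v visudo >/dev/null 2>&1 || return 2
    visudo -c -q -f "$1"
}

# Demo: stage, check, report. Copy into place as root only after a clean check.
staging=$(mktemp)
write_dns_fragment "$staging"
validate_sudoers "$staging" && echo "parsed OK" || echo "not validated (rc=$?)"
echo "passwordless rules: $(count_nopasswd "$staging")"
rm -f "$staging"
```

Checking a staged copy first matters because a syntax error in the live sudoers file can leave sudo unusable for everyone on the host.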

Sudo provides one other useful feature: Once a user has invoked it and entered her password, she won't have to re-enter it for a five-minute window. This makes things a little more convenient for users who have to enter a series of commands, or who must re-enter a command they messed up.

Even if you don't have any other users on your system who need root access, consider using sudo for your own non-root unprivileged identity. (You do have one, right?) With sudo, you create a small firewall of hesitation against blithely entering the wrong command and carelessly taking out your root partition or bringing down your storefront's database backend. You also minimize the need to "become root," with its attendant perils, should you forget to log back out into your "real" identity.

If sudo isn't available on your system, it is obtainable from the project home page.


This article was originally published on Thursday Apr 22nd 2004