[nSLUG] Policy. WAS Re: Every one in a while....

Daniel Morrison draker at gmail.com
Fri Oct 19 11:41:22 ADT 2007

On 19/10/2007, Jon <me at jonwatson.ca> wrote:
> Search for Policy and then
> Windows within results: 752 million results
> Linux within results: 178 million

Oh come on guys this is ridiculous.

Given the install base of Linux vs. Windows, these results (19% Linux,
81% Windows) are actually favourable towards Linux.

But words like 'policy' and 'granularity' are so generic that this whole
debate is meaningless.

When I hear 'policy' I think a piece of paper that describes the official
procedure an organization has for doing something.

When I hear "Group Policy Objects" I think W2K. But Jon was the first
person to mention this.

The original question was:

What does "Granular policy-based rights management" really mean?

The answer is: you determine what rights users have based on documented
policies which address or are applied "with granularity", i.e.: to
specific users or specific situations (e.g. schedule) or specific
sections of the environment.

My take on this is that Unix had a half-decent permissions scheme for many
years, while MS didn't. Microsoft created a giant policy framework which,
naturally having the benefit of hindsight, was more flexible and capable than
the Unix model, although much more complicated. Inertia is keeping the Unix
model in place, and things like SELinux have been created to supplement it
in order to provide the "granularity" and flexibility that some modern

Given that this is a Linux list, an immediate response that was very
Microsoft-centric was perhaps a bit out of place, and raised some hackles.
On the other hand, Jon made it very clear in his initial post that it was
his immediate reaction and not intended to be a comprehensive answer.

So now that we've got all that out in the open, let's either have constructive
discussion about SELinux policies and possibly how they compare with the
current Windows implementation of GPO, or whatever it is, or let's just
let it be.


