Privacy
Kevin T.Broderick
kbroderick at smcvt.edu
Fri Mar 12 15:03:13 CST 2004
As someone who does sysadmin stuff in a
mostly-Microsoft-yet-still-heterogeneous
environment and runs GnuCash under OS X, I'm feeling a need to weigh in
here. I
do agree that letting the OS handle security is a Good Thing (and it's
actually the
reason I recently told my PowerBook to stop logging in automagically).
As the most recent reply I've seen clearly outlined, it's quite
possible to create
a user specifically for gnucash (or perhaps gnucash and other sensitive
files)
and then su to that user (who is the only non-root user with access to
the files).
It's actually possible to do this in Windows, as well, assuming an
NT-based system
on an NTFS filesystem. I think this is mostly a moot point for
GnuCash, as it doesn't
run on Win32 (AFAIK), but I think it's important to note that *all*
consumer OSen
in current production (both *nix-based like Linux and OS X and Win32)
allow for
filesystem-level protection and, to a lesser degree, running a process
as another
user (Win32's RunAs service doesn't work nearly as well as su).
I'd also like to point out that the alternate-user scenario (i.e. where
a specific
gnucash or bookkeeping user owns the gnucash data files 0600), combined
with a shell script or alias to execute the su commandline, would allow
for
a system-based password prompt anytime someone tries to run gnucash.
Kevin Broderick / kbroderick at smcvt.edu
More information about the gnucash-user
mailing list