Softpanorama

May the source be with you, but remember the KISS principle ;-)
Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

NFS Security

News NFS Recommended Links Mounting NFS directory owned by root Troubleshooting Solaris NFS Problems ACL Permissions for Directories Modification of ls to display ACLS
ZFS Solaris ACLs The ACL mask getfacl, setfacl Tips Humor Etc

NFS is a widely-used file sharing protocol. It allows servers running nfsd and mountd to "export" entire file systems to other machines using NFS filesystem support built in to their kernels (or some other client support if they are not Linux machines). mountd keeps track of mounted file systems in /etc/mtab, and can display them with showmount.

Corporations often prohibit NFS within DMZ. That made sense for NFS v 2, not not so much for NFS v.3 and, especially, v.4.

The key here is to understand that NFS (v. 3 and, especially, 4, but not v.2) is more secure that FTP and more that other RPC-based protocols such as rsync. It contains formidable set of secure settings (as mounting setting) that are vastly superior to those that are available in best FTP daemons.

For example NFS is perfect for making backups. The key here is that backup files are not executable and partition can be mounted with attributes soft, noacl, noexec, nosuid.  

Many sites use NFS to serve home directories to users, so that no matter what machine they login to, they will have all their home files.  If done with nosuid attribute there is no obvious degradation of security by exporting home directories (Solaris-style export).

You can also make your nfsd map the remote root user (uid=0) to the nobody user, denying them total access to the files exported. However, since individual users have access to their own (with the same uid) files, the remote root user can login or su to their account and have total access to their files.

If you must use NFS, make sure you export to only those machines that you really need to. Never export your entire root directory; export only directories you need to export.

NFSv4 is can be additionally secured via  Kerberos. There are multiple implementations, but the dominant is  "MIT Kerberos".

The NFSv4 also introduces a new ACL (Access Control List) format that introduces more detailed file security attributes, making NFSv4 controlled files more secure. Several operating systems like AIX 5.3 and  Sun Solaris (ZFS only) have implemented NFSv4 ACL in their filesystems. There have pretty Christmas tree style set of permissions (which violates classic rule of seven, see the list below). It is overly complex for normal system administrator (who usually have problems even with simplistic in comparison classic Unix permissions model: few people understand SUID/SGID attributes and the fact that that the ability to write to the directory permits deleting files in it). As such it the net effect can be not so much enhanced security, but the ability to create a security holes that are difficult to detect. Lets look more closely at those new granular permissions:

  1. read_data: Ability to read the contents of a file
  2. write_data: Ability to modify an existing file
  3. list_directory: Ability to list the contents of a directory
  4. add_file: Ability to add a new file to a directory
  5. append_data: Ability to modify an existing file, but only from EOF
  6. add_subdirectory: Ability to create subdirectories
  7. read_xattr: Ability to read extended attributes
  8. write_xattr: Ability to write extended attributes
  9. execute: Ability to execute a file
  10. delete_child: Ability to delete a file within a directory
  11. read_attributes: Ability to read basic attributes (non-ACL) of a file (ie: ctime, mtime, atime, etc)
  12. write_attributes: Ability to write basic attributes to a file or directory (ie: atime, mtime)
  13. delete: Ability to delete a file
  14. read_acl: Ability to read the ACL
  15. write_acl: Ability to modify the ACL (needed to use chmod or setfacl)
  16. write_owner: Ability to use chown to change ownership of a file
  17. synchronize: Ability to access file locally via synchronous reads and writes

Solaris has better, more stable NFSv4 implementation then Linux.  It fully implement NFSv4 ACLs.  See NFSv4 ACLS: Where are we going?  IBM AIX  implementation  is also very good.


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

IBM Cluster information center

GPFS V3.1 Administration and Programming Reference
SA23-2221-00
NFS V4 access requires that an NFS V4 ACL be returned to clients whenever the ACL is read. This means that if a traditional GPFS ACL is associated with the file, a translation to NFS V4 ACL format must be performed when the ACL is read by an NFS V4 client. Since this translation has to be done, an option (-k nfs4) is provided on the mmgetacl and mmeditacl commands, so that this translation can be seen locally as well.

It can also be the case that NFS V4 ACLs have been set for some file system objects (directories and individual files) prior to administrator action to revert back to a POSIX-only configuration. Since the NFS V4 access evaluation will no longer be performed, it is desirable for the mmgetacl command to return an ACL representative of the evaluation that will now occur (translating NFS V4 ACLs into traditional POSIX style). The -k posix option returns the result of this translation.

Users may need to see ACLs in their true form as well as how they are translated for access evaluations. There are four cases:
  1. By default, the mmgetacl command returns the ACL in a format consistent with the file system setting:
    • If posix only, it is shown as a traditional ACL.
    • If nfs4 only, it is shown as an NFS V4 ACL.
    • If all formats are supported, the ACL is returned in its true form.
  2. The command mmgetacl -k nfs4 always produces an NFS V4 ACL.
  3. The command mmgetacl -k posix always produces a traditional ACL.
  4. The command mmgetacl -k native always shows the ACL in its true form, regardless of the file system setting.

In general, users should continue to use the mmgetacl and mmeditacl commands without the -k flag, allowing the ACL to be presented in a form appropriate for the file system setting. Since the NFS V4 ACLs are more complicated and therefore harder to construct initially, users that want to assign an NFS V4 ACL should use the command mmeditacl -k nfs4 to start with a translation of the current ACL, and then make any necessary modifications to the NFS V4 ACL that is returned.

Parent topic: NFS V4 ACL administration

Related concepts
 

NFS V4 ACL Syntax

GPFS exceptions and limitations to NFS V4 ACLs

Related tasks
 

Setting NFS V4 access control lists

Displaying NFS V4 access control lists

Applying an existing NFS V4 access control lists

Changing NFS V4 access control lists

Deleting NFS V4 access control lists

[Sep 3, 2009] Working with filesystems using NFSv4 ACLs  by Samyak Jain

Jun 02,  2009  | IBM DeveloperWorks

Filesystems using NFS4 ACL

The NFSv4 (Network File System – Version 4) protocol introduces a new ACL (Access Control List) format that extends other existing ACL formats. NFSv4 ACL is easy to work with and introduces more detailed file security attributes, making NFSv4 ACLs more secure. Several operating systems like IBM® AIX®, Sun Solaris, and Linux® have implemented NFSv4 ACL in their filesystems.

Currently, the filesystems that support NFSv4 ACL in IBM AIX 5L version 5.3 and above are NFSv4, JFS2 with EAv2 (Extended Journaled Filesystem with Extended Attributes format version 2), and General Parallel Filesystem (GPFS). In Sun Solaris, this ACL model is supported by ZFS. In RedHat Linux, NFSv4 supports NFSv4 ACLs.


Back to top

What is an ACL?

An Access Control List (ACL) is used to specify access permissions to filesystem objects, like files and directories. Is a list of many Access Control Entries (ACEs), in which each entry defines a user or a group, and different permissions to each of them.


Back to top

About ZFS ACLs

ZFS file system, introduced by Sun, is available in the Solaris 10 OS pack.

ZFS supports the NFSv4 ACL model, and has implemented the commands in the form of new options to the existing ls and chmod commands. Thus, the ACLs can be set and displayed using the chmod and ls commands; no new command has been introduced. Because of this, it is very easy to work with ACLs in ZFS.

ZFS ACL format

ZFS ACLs follow a well-defined format. The format and the entities involved in this format are:


Syntax A
 
                
ACL_entry_type:Access_permissions/…/[:Inheritance_flags]:deny or allow
      

 

ACL_entry_type includes "owner@", "group@", or "everyone@".

For example:

group@:write_data/append_data/execute:deny


Syntax B
 
                
ACL_entry_type: ACL_entry_ID:Access_permissions/…/[:Inheritance_flags]:deny or allow
      

 

ACL_entry_type includes "user", or "group".

ACL_entry_ID includes "user_name", or "group_name".

For example:

user:samy:list_directory/read_data/execute:allow


Inheritance flags
 
          
f : FILE_INHERIT
d : DIRECTORY_INHERIT
i : INHERIT_ONLY
n : NO_PROPAGATE_INHERIT
S : SUCCESSFUL_ACCESS_ACE_FLAG
F : FAILED_ACCESS_ACE_FLAG

 

Listing ACLs of ZFS files and directories

ACLs can be listed using the ls command using the -v and -V options. For listing directory ACLs, use the -d option.

Operation Command
Listing ACL entries of files ls –[v | V] <file_name>
Listing ACL entries of dirs ls –d[v | V] <dir_name>

Example for listing ACLs of a file
 
ls -v file.1
-rw-r--r-- 1 root root 2703 Nov 4 12:37 file.1
0:owner@:execute:deny
1:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
       write_acl/write_owner:allow
2:group@:write_data/append_data/execute:deny
3:group@:read_data:allow
4:everyone@:write_data/append_data/write_xattr/execute/write_attributes/
       write_acl/write_owner:deny
5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow


Example for listing ACLs of a directory
 
        
# ls -dv dir.1
drwxr-xr-x 2 root root 2 Nov 1 14:51 dir.1
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory/
    append_data/write_xattr/execute/write_attributes/write_acl/write_owner:allow
2:group@:add_file/write_data/add_subdirectory/append_data:deny
3:group@:list_directory/read_data/execute:allow
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr /
    write_attributes/write_acl/write_owner:deny
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes /
    read_acl/synchronize:allow


Example for listing ACLs in a compact format
 
# ls -Vd dir.1
drwxr-xr-x   2 root     root           2 Sep  1 05:46 d
   owner@:--------------:------:deny
   owner@:rwxp---A-W-Co-:------:allow
   group@:-w-p----------:------:deny
   group@:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-xp--a-R-c--s:------:allow

 

In above examples, ACLs are displayed in a compact format. In this, access permissions and inheritance flags are displayed using masks. One ACL entry is displayed in each line, making the view easier to understand.


Modifying ACLs of ZFS files and directories
 

ACLs can be set or modified using the chmod command. The chmod command uses the ACL-specification, which includes the ACL-format (Syntax A or B), listed earlier.

Operation Command
Adding an ACL entry by index-ID # chmod Aindex_ID+acl_specification filename
Adding an ACL entry for a user # chmod A+acl_specification filename
Removing an ACL entry by index_ID # chmod Aindex_ID- filename
Removing an ACL entry by user # chmod A-acl_specification filename
Removing an ACL from a file # chmod A- filename
Replacing an ACL entry at index_ID # chmod Aindex_ID=acl_specification filename
Replacing an ACL of a file # chmod A=acl_specification filename

Examples of ZFS ACLs modifications


List ACL entries
 
# ls –v a
-rw-r--r--   1 root     root           0 Sep  1 04:25 a
0:owner@:execute:deny
1:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
    write_acl/write_owner:allow
2:group@:write_data/append_data/execute:deny
3:group@:read_data:allow
4:everyone@:write_data/append_data/write_xattr/execute/write_attributes/
    write_acl/write_owner:deny
5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow




Add ACL entries
 
# chmod A+user:samy:read_data:allow a
# ls -v a
-rw-r--r--+  1 root     root           0 Sep  1 02:01 a
0:user:samy:read_data:allow
1:owner@:execute:deny
2:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
    write_acl/write_owner:allow
3:group@:write_data/append_data/execute:deny
4:group@:read_data:allow
5:everyone@:write_data/append_data/write_xattr/execute/write_attributes/
    write_acl/write_owner:deny
6:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow

# chmod A1+user:samy:execute:deny a
# ls -v a
-rw-r--r--+  1 root     root           0 Sep  1 02:01 a
0:user:samy:read_data:allow
1:user:samy:execute:deny
2:owner@:execute:deny
3:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
    write_acl/write_owner:allow
4:group@:write_data/append_data/execute:deny
5:group@:read_data:allow
6:everyone@:write_data/append_data/write_xattr/execute/write_attributes/
    write_acl/write_owner:deny
7:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow



Replace ACL entries
 
# chmod A0=user:samy:read_data/write_data:allow a
# ls -v
total 2
-rw-r--r--+  1 root     root           0 Sep  1 02:01 a
0:user:samy:read_data/write_data:allow
1:user:samy:execute:deny
2:owner@:execute:deny
3:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
    write_acl/write_owner:allow
4:group@:write_data/append_data/execute:deny
5:group@:read_data:allow
6:everyone@:write_data/append_data/write_xattr/execute/write_attributes/
    write_acl/write_owner:deny
7:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow


# chmod A=user:samy:read_data/write_data/append_data:allow a
# ls -v a
----------+  1 root     root           0 Sep  1 02:01 a
0:user:samy:read_data/write_data/append_data:allow

 

ACLs can also be modified using the masks instead of specifying complete names.


Modifying ACL entries using masks
 
# ls -V a
-rw-r--r--+  1 root     root           0 Sep  5 01:50 a
user:samy:--------------:------:deny
user:samy:rwx-----------:------:allow
   owner@:--x-----------:------:deny
   owner@:rw-p---A-W-Co-:------:allow
   group@:-wxp----------:------:deny
   group@:r-------------:------:allow
everyone@:-wxp---A-W-Co-:------:deny
everyone@:r-----a-R-c--s:------:allow

# chmod A1=user:samy:rwxp:allow a

# ls -V a
-rw-r--r--+  1 root     root           0 Sep  5 01:50 a
user:samy:--------------:------:deny
user:samy:rwxp----------:------:allow
   owner@:--x-----------:------:deny
   owner@:rw-p---A-W-Co-:------:allow
   group@:-wxp----------:------:deny
   group@:r-------------:------:allow
everyone@:-wxp---A-W-Co-:------:deny
everyone@:r-----a-R-c--s:------:allow



Remove ACL entries
 
# ls -v a
-rw-r-----+  1 root     root           0 Sep  5 01:50 a
0:user:samy:read_data/write_data/execute:allow
1:owner@:execute:deny
2:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
    write_acl/write_owner:allow
3:group@:write_data/append_data/execute:deny
4:group@:read_data:allow
5:everyone@:read_data/write_data/append_data/write_xattr/execute/
    write_attributes/write_acl/write_owner:deny
6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow

# chmod A- a
# ls -v a
-rw-r-----   1 root     root           0 Sep  5 01:50 a
0:owner@:execute:deny
1:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
    write_acl/write_owner:allow
2:group@:write_data/append_data/execute:deny
3:group@:read_data:allow
4:everyone@:read_data/write_data/append_data/write_xattr/execute/
    write_attributes/write_acl/write_owner:deny
5:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow

# chmod A5- a
# ls -v a
-rw-r-----   1 root     root           0 Sep  5 01:50 a
0:owner@:execute:deny
1:owner@:read_data/write_data/append_data/write_xattr/write_attributes/
    write_acl/write_owner:allow
2:group@:write_data/append_data/execute:deny
3:group@:read_data:allow
4:everyone@:read_data/write_data/append_data/write_xattr/execute/
    write_attributes/write_acl/write_owner:deny



 

Back to top

About JFS2 ACLs

The Enhanced Journaled File System (JFS2) is built into the base AIX operating system. To have the NFSv4 ALC support on JFS2 filesystem, you need to enable "Extended Attribute Format - Version 2" at the time of creating the filesystem. This feature cannot be enabled or disabled once the filesystem is created.

In subsequent references to JFS2, this article assumes that "Extended Attribute Format - Version 2" is enabled.

JFS2 ACL format

The format and the entities involved in this format are:


Syntax
 
IDENTITY ACE_TYPE ACE_MASK INHERITANCE_AND_AUDIT_ATTRS

 Where:
   IDENTITY has format: 'IDENTITY_type:IDENTITY_name(IDENTITY_who):'
      
 Where:
   IDENTITY_type is one of the following:
      u : user
      g : group
      s : special who string (IDENTITY_who must be a special who)
  IDENTITY_name => user/group name
  IDENTITY_who => who string

  ACE_TYPE is one of the following ACE Type:
      a : allow
      d : deny
      l : alarm
      u : audit


Inheritance flags
 
INHERITANCE_AND_AUDIT_ATTRS (Optional) is one or more of the following:
     fi : FILE_INHERIT
     di : DIRECTORY_INHERIT
     oi : INHERIT_ONLY
     ni : NO_PROPAGATE_INHERIT
     sf : SUCCESSFUL_ACCESS_ACE_FLAG
     ff : FAILED_ACCESS_ACE_FLAG

 

Listing ACLs of JFS2 files and directories

JFS provides the following commands related to ACLs.

Operation Command
Display ACLs of a file aclget <filename>
Set ACLs of a file aclput [-i infile] [-t acl_type] [-v] <filename>
Edit ACLs of a file acledit [-t acl_type] <filename>
Converts ACLs of a file from one type to another aclconvert [ -R ] -t <acltype> <filename>
Gets ACL types supported by a file system path aclgettypes <filename>

In JFS2 partition, AIX Classic (AIXC) ACLs are enabled by default, and not NFS4 ACLs. You need to convert the AIXC ACLs to NFS4.

The following command lists the ACLs of a new file in JFS2 partition:


Display ACLs
 
# aclget file1
*
* ACL_type   AIXC
*
attributes:
base permissions
    owner(root):  rw-
    group(system):  r--
    others:  r--
extended permissions
    disabled

 

In this example, AIXC shows that these are the AIX classic ACLs.

To convert to any other type, you need to know what ACL types are supported by this filesystem.


Display supported ACL types:
 
# aclgettypes file1
Supported ACL types are:
        AIXC
        NFS4


 

Now, you can convert the AIXC ACLs to NFS4 as follows:


Convert ACLs from AIX classic form to NFSv4 form
 
# aclconvert -t NFS4 file1
# aclget a
*
* ACL_type   NFS4
*
*
* Owner: root
* Group: system
*
s:(OWNER@):     a       rwpRWaAdcCs
s:(OWNER@):     d       xo
s:(GROUP@):     a       rRadcs
s:(GROUP@):     d       wpWxACo
s:(EVERYONE@):  a       rRadcs
s:(EVERYONE@):  d       wpWxACo


 

Modifying ACLs of JFS2 files and directories

To modify the ACLs, you can use either the aclput or acledit command. The best way to set the ACLs is first to get the ACLs of a file using the aclget command, and save it in a file. Then, modify the ACLs in that file, and store them using aclput –i <input_acl_file>.

The acledit command uses an editor to display and modify the ALCs. You need to set the environment variable EDITOR before you use the acledit command.

To avoid converting the ACLS of new files from AIXC type to NFS4 inside a directory each time, set the appropriate Inheritance flag in that directory.

The previous commands can also be used for NFSv4 filesystem to manage NFSv4 ACLs on AIX

Recommended Links

Softpanorama hot topic of the month

Softpanorama Recommended


Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: April 22, 2014