[747] in linux-security and linux-alert archive
[linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Jeffrey J. Radice)
Wed Jun 5 13:29:23 1996
From: jjr@zilker.net (Jeffrey J. Radice)
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 4 Jun 1996 14:39:23 -0500 (CDT)
[Mod: Please direct replies to the post's author, unless the reply is
specifically intended for a "general" audience. This subject has had a
go-around here before, to some extent. Thanks! --Jeff.]

I am interested in whether there is any de facto standard for system-level
users and groups, and for ownerships/permissions/setuid bits for files
on a Linux system. The FSSTND group effectively dodges the issue (from
the fsstnd FAQ):

    Q) Why doesn't the standard specify the system-level users/groups and
    proper ownerships/permissions/setuid bits for everything?

    A) We feel that this is, primarily, a local issue. Many sites
    have their own local user-id/group-id setup, and linux boxes will
    have to be integrated with those. What's more, there is very little
    gain from standardizing these across all linux machines, as it
    typically is not essential to allow binary distributions.

It seems to me that this is a valid topic of discussion for the
security list, so I am raising it here. It seems to me that there
is something to be gained (understanding, security) by standardizing
at least the system-level users and groups.

I have rolled my own distribution of Linux, and I've been dodging this
issue for quite some time. I'm getting ready to add shadow passwords,
and user accounts, so I need to settle on some (at least site-specific)
standard. I don't know where to start, however.

I have been unable to find any document that cares to broach the issue.
This seems to be ignored, or barely addressed, in the books I've read
about UNIX security. Is this something that is left up to makers of
distributions? I have looked at how Slackware handles system
users/groups/perms. I would like a better understanding of the security
issues surrounding this. Is there any documentation for the Linux
community on this issue? If not, would somebody kindly suggest to me
a viable system that I could implement.

I've compiled the following chart based on my own understanding.
I'm not sure that there is a need for so many system users or groups
(e.g. why would I have certain files/directories owned by a specific
non-root user and not root?). Could somebody critique this?
Users:
------
name      uid    home              purpose
----      ---    ----              -------
root      0      /root             SuperUser.
nobody    65534  --                NullUser.

  System (1-9)
daemon    1      /tmp              Run daemon (crond,lpd) processes.
bin       2      /                 Own binaries (bin,sbin,etc) directories.
sys       3      /                 Own systems (lib,include,kernel) dirs.
adm       4      /var/adm          Own administrative (/var/adm,...) dirs.
<are the above three necessary; what are they traditionally used for?>
uucp      5      --                Run modem operations.
operator  6      --                Run operation (non-root) procs. ??
info      7      --                Own information (man,info,doc) dirs.

  Servers (10-100)
www       10     /usr/local/www    Run www procs.
samba     20     /usr/local/samba  Run samba procs. (Not Nobody!)

  Users (100-)
                                   Accounts for actual users.
------

Groups:
-------
name      no.    members          perms
----      ---    -------          -----
wheel     0      'su' capable     rx for Secured items, all purpose.
<I understand the traditional use of the wheel group, though I don't think
I need it if using sudo. Is there any benefit to naming group 0 root
instead of wheel, or something else?>
nogroup   65534  nobody           --- Group for nobody (no other use).

  System
daemon    1      -- (root)        rwx for spooling & file xfers.
<What group should root have as primary membership, group 0 or group 1?>
kmem      2      --               rx for memory/kernel reading progs.
tty       4      --               rw for ttys (+x for access to ttys).

  Administrators (keep access to the tasks separate)
    Access to binaries/logs
bin       3      Bin admin.       rwx for admin. (sbin) binaries.
operator  5      Etc admin.       rwx for admin (etc) texts.
adm       6      Log admin.       r for system logs, rx for u/wtmp.
<Is there any benefit or cost to splitting these groups up like this?>
    Staff group
staff     10     staff            --- Primary GCOS group for staff.
    Access to texts/sources
src       11     Src admin.       rw for source dirs/files.
info      12     Doc admin.       rw for info (man,doc,info) dirs/files.
www       13     Web admin.       rw for www files.
    Access to devices
lp        20     Printer.         rwx for lpr.
disk      21     Disks.           rwx for disks (mounting,floppy...).
dos       22     Dos partitions.  rw for dos partitions (samba...).

  Purgatory
other     30     --               r for Non-secure items, all purpose.

  Users
user      1000   --               Default User Group
Can somebody make sense of all this for me? It seems that I may have made
things a bit too complex. Is there any benefit to simplifying and making
most things simply root.wheel owned, or is there any benefit to splitting
ownership into different levels of access? Is there anything I've left
out? I also would like further information about standard permissions.
All criticism/commentary is welcome.
-jjr
Jeffrey J. Radice jjr@simpson.com Defensive Generalist
http://oj.simpson.com Box 4343, Austin, TX 78765 512-432-4757
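Whatever layout one settles on, the practical security value comes from being able to check that a running system still matches it. The following audit script is an added example for this archive page; it is not part of the post above and not a tool its author describes. It parses passwd- and group-format text and checks it against the ranges in the post's chart (system 1-9, servers 10-100, real users from 100 up, nobody paired with nogroup at 65534). The sample passwd and group data are constructed here to exercise the checks, and the rule that non-root accounts below the user range should carry a non-login shell is an assumption added for the audit, not something the post states.

```python
"""Audit an /etc/passwd and /etc/group layout against a uid/gid scheme.

Added example for this archive page, not code from the original post.
Ranges and the nobody/nogroup pairing follow the chart in the post; the
non-login-shell rule for service accounts is an assumption made here.
"""

SYSTEM_RANGE = range(1, 10)      # post's "System (1-9)"
SERVER_RANGE = range(10, 101)    # post's "Servers (10-100)"
NOBODY_UID = 65534
NOGROUP_GID = 65534
# Assumption: shells that deny interactive login for service accounts.
NONLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
GROUP_FIELDS = ("name", "passwd", "gid", "members")

# Constructed sample data modelled on the chart; 'toor' and the login
# shell on 'www' are deliberate defects for the audit to catch.
SAMPLE_PASSWD = """\
root:x:0:0:SuperUser:/root:/bin/sh
daemon:x:1:1:daemon:/tmp:/bin/false
bin:x:2:3:bin:/:/bin/false
www:x:10:13:www:/usr/local/www:/bin/sh
samba:x:20:13:samba:/usr/local/samba:/bin/false
toor:x:0:0:backup root:/root:/bin/sh
jjr:x:1000:1000:Jeffrey J. Radice:/home/jjr:/bin/sh
nobody:x:65534:65534:NullUser:/:/bin/false
"""

SAMPLE_GROUP = """\
wheel:x:0:jjr
daemon:x:1:
kmem:x:2:
bin:x:3:
www:x:13:
user:x:1000:
nogroup:x:65534:
"""


def parse_colon_file(text, field_names):
    """Parse colon-separated records (passwd or group format) into dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != len(field_names):
            raise ValueError(f"malformed record: {line!r}")
        records.append(dict(zip(field_names, fields)))
    return records


def audit(passwd_text, group_text):
    """Return a list of (account, problem) findings; an empty list is clean."""
    users = parse_colon_file(passwd_text, PASSWD_FIELDS)
    groups = parse_colon_file(group_text, GROUP_FIELDS)
    known_gids = {int(g["gid"]) for g in groups}
    findings = []
    seen_uids = {}
    for u in users:
        name, uid, gid = u["name"], int(u["uid"]), int(u["gid"])
        # uid 0 is the superuser; a second uid-0 name is an extra root.
        if uid == 0 and name != "root":
            findings.append((name, "uid 0 but not named root"))
        # Duplicate uids make two names indistinguishable to the kernel.
        if uid in seen_uids:
            findings.append((name, f"uid {uid} already used by {seen_uids[uid]}"))
        seen_uids.setdefault(uid, name)
        # A primary group that does not exist leaves files with an orphan gid.
        if gid not in known_gids:
            findings.append((name, f"primary gid {gid} missing from group file"))
        # The chart pairs nobody with nogroup and nothing else.
        if uid == NOBODY_UID and gid != NOGROUP_GID:
            findings.append((name, f"nobody has gid {gid}, expected {NOGROUP_GID}"))
        # Assumption: system and server accounts are not interactive logins.
        in_service_range = uid in SYSTEM_RANGE or uid in SERVER_RANGE
        if in_service_range and u["shell"] not in NONLOGIN_SHELLS:
            findings.append((name, f"service account with login shell {u['shell']}"))
    return findings


if __name__ == "__main__":
    for account, problem in audit(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{account}: {problem}")
```

Run against the constructed sample it reports the interactive shell on www and the duplicate uid-0 account toor; on a real host, feed it the contents of /etc/passwd and /etc/group and adjust the ranges to whatever site-specific scheme was chosen.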