[747] in linux-security and linux-alert archive


[linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Jeffrey J. Radice)
Wed Jun 5 13:29:23 1996

From: jjr@zilker.net (Jeffrey J. Radice)
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 4 Jun 1996 14:39:23 -0500 (CDT)

[Mod: Please direct replies to the post's author, unless the reply is
specifically intended for a "general" audience.  This subject has had a
go-around here before, to some extent.  Thanks!  --Jeff.]

I am interested in whether there is any de-facto standard for system-level
users and groups, and for ownerships/permissions/setuid bits for files
on a Linux system.  The FSSTND group effectively dodges the issue (from
the fsstnd FAQ):

 Q)  Why doesn't the standard specify the system-level users/groups and
 proper ownerships/permissions/setuid bits for everything?

 A)  We feel that this is, primarily, a local issue.  Many sites
 have their own local user-id/group-id setup, and linux boxes will
 have to be integrated with those.  What's more, there is very little
 gain from standardizing these across all linux machines, as it
 typically is not essential to allow binary distributions.

It seems to me that this is a valid topic of discussion for the
security list, so I am raising it here.  It seems to me that there
is something to be gained (understanding, security) by standardizing
at least the system-level users and groups.

I have rolled my own distribution of Linux, and I've been dodging this
issue for quite some time.  I'm getting ready to add shadow passwords,
and user accounts, so I need to settle on some (at least site-specific)
standard.  I don't know where to start, however.

I have been unable to find any document that cares to broach the issue.
This seems to be ignored, or barely addressed in the books I've read
about UNIX security.  Is this something that is left up to makers of
distributions?  I have looked at how Slackware handles system
users/groups/perms.  I would like a better understanding of the security
issues surrounding this.  Is there any documentation for the Linux
community on this issue?  If not, would somebody kindly suggest to me
a viable system that I could implement.

I've compiled the following chart based on my own understandings.
I'm not sure that there is a need for so many system users or groups
(eg. why would I have certain files/directories owned by a specific
non-root user and not root?)  Could somebody critique this?

Users:
-----
  name      uid    home               purpose
  ----      ---    ----               -------
  root      0      /root              SuperUser.
  nobody    65534  --                 NullUser.

System (1-9)
  daemon    1      /tmp               Run daemon (crond,lpd) processes.
  bin       2      /                  Own binaries (bin,sbin,etc) directories.
  sys       3      /                  Own systems (lib,include,kernel) dirs.
  adm       4      /var/adm           Own administrative (/var/adm,...) dirs.
<are the above three necessary; what are they traditionally used for?>
  uucp      5      --                 Run modem operations.
  operator  6      --                 Run operation (non-root) procs. ??
  info      7      --                 Own information (man,info,doc) dirs.

Servers (10-100)
  www    10     /usr/local/www    Run www procs.
  samba  20     /usr/local/samba  Run samba procs. (Not Nobody!)

Users   (100-)
 Accounts for actual users.

------
Groups:
-------
  name     no.    members                 perms
  ----     ---    -------                 -----
  wheel    0      'su' capable            rx  for Secured items, all purpose.
<I understand the traditional use of the wheel group, though I don't think
 I need it if using sudo.  Is there any benefit to naming group 0 root
 instead of wheel, or something else?>
  nogroup  65534  nobody                  --- Group for nobody (no other use).

System
  daemon   1       -- (root)            rwx for spooling & file xfers.
<What group should root have as primary membership, group 0 or group 1?>
  kmem     2       --                   rx  for memory/kernel reading progs.
  tty      4       --                   rw  for ttys (+x for access to ttys).

Administrators (keep access to the tasks separate)
 Access to binaries/logs
  bin      3    Bin admin.              rwx for admin. (sbin) binaries.
  operator 5    Etc admin.              rwx for admin (etc) texts.
  adm      6    Log admin.              r   for system logs, rx for u/wtmp.
<Is there any benefit or cost to splitting these groups up like this?>  

 Staff group
  staff    10   staff                   --- Primary GCOS group for staff.

 Access to texts/sources
  src      11   Src admin.              rw  for source dirs/files.
  info     12   Doc admin.              rw  for info (man,doc,info) dirs/files.
  www      13   Web admin.              rw  for www files.

 Access to devices
  lp       20   Printer.                rwx for lpr.
  disk     21   Disks.                  rwx for disks (mounting,floppy...).
  dos      22   Dos partitions.         rw  for dos partitions (samba...).

Purgatory
  other    30   --                     r   for Non-secure items, all purpose.

Users
  user   1000   Default User Group


Can somebody make sense of all this for me?  It seems that I may have made
things a bit too complex?  Is there any benefit to simplifying and making
most things simply root.wheel owned, or is there any benefit to splitting
ownership into different levels of access?  Is there anything I've left
out?  I also would like further information about standard permissions.

All criticism/commentary is welcome.

-jjr

Jeffrey J. Radice	jjr@simpson.com		    Defensive Generalist
http://oj.simpson.com   Box 4343, Austin, TX 78765  	    512-432-4757
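As an added example (not part of the post or of any distribution's tooling), here is a small Python audit that checks passwd- and group-format records against the scheme proposed above: uid 0 only for root, no shared uids (so no daemon quietly running as nobody), real users from uid 100 up, and every primary gid defined in the group file. The sample records and the rule that a home under /home marks a real user are constructed assumptions.

```python
# Constructed sample data in passwd(5)/group(5) format, loosely following the
# chart in the post, seeded with problems for the audit to catch.
PASSWD = """\
root:x:0:0:SuperUser:/root:/bin/sh
toor:x:0:0:second uid-0 account:/root:/bin/sh
daemon:x:1:1:Run daemon procs:/tmp:/bin/false
bin:x:2:3:Own binaries:/:/bin/false
www:x:10:13:Run www procs:/usr/local/www:/bin/false
nobody:x:65534:65534:NullUser:/:/bin/false
ftpd:x:65534:65534:daemon running as nobody:/tmp:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:50:1000:real user in the server uid range:/home/bob:/bin/sh
carol:x:1001:4242:primary gid missing from group:/home/carol:/bin/sh
"""
GROUP = """\
wheel:x:0:root
daemon:x:1:
kmem:x:2:
bin:x:3:
tty:x:4:
staff:x:10:
www:x:13:
nogroup:x:65534:
user:x:1000:
"""

def parse_db(text):
    """Split colon-separated passwd/group records into field lists."""
    return [ln.split(":") for ln in text.splitlines() if ln and not ln.startswith("#")]

def audit(passwd_text, group_text):
    """Return sorted (account, problem) pairs that violate the proposed scheme."""
    gids = {int(g[2]) for g in parse_db(group_text)}
    uid_owner = {}
    findings = []
    for name, _pw, uid, gid, _gecos, home, _shell in parse_db(passwd_text):
        uid, gid = int(uid), int(gid)
        if uid == 0 and name != "root":           # only root may be uid 0
            findings.append((name, "uid 0 is reserved for root"))
        if uid in uid_owner:                      # no shared uids, nobody included
            findings.append((name, f"shares uid {uid} with {uid_owner[uid]}"))
        else:
            uid_owner[uid] = name
        # Assumption: a home under /home marks a real user, so uid must be >= 100.
        if home.startswith("/home/") and uid < 100:
            findings.append((name, f"real user with system/server uid {uid}"))
        if gid not in gids:                       # primary group must exist
            findings.append((name, f"primary gid {gid} not defined in group"))
    return sorted(findings)
```

Run it against the real files with `audit(open("/etc/passwd").read(), open("/etc/group").read())`; an empty list means the records fit the scheme.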
