[749] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Wed Jun 5 16:51:39 1996

Date: Wed, 5 Jun 1996 15:31:03 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: jjr@zilker.net, linux-security@tarsier.cv.nrao.edu

> [Mod: Please direct replies to the post's author, unless the reply is
> specifically intended for a "general" audience.  This subject has had a
> go-around here before, to some extent.  Thanks!  --Jeff.]

I think that the following bears to be said again.  Actually, I don't
find any record of me saying it before in this forum - you've heard me
say this in linux:slp and dc-sage, and perhaps in dc-linux.  I think
that it's still of general interest.

> I'm not sure that there is a need for so many system users or groups
> (eg. why would I have certain files/directories owned by a specific
> non-root user and not root?)  Could somebody critique this?

I always insist that absolutely nothing at all whatsoever on the file
system be owned by root.  Nothing.  At all.  Unless there is no other
way to do it (whatever the "it" might be).  There should be a small set
of accounts whose passwords are protected equally as well as root's,
that are used for maintaining the various parts of the system.  These
would be, e.g., bin, sys, adm, daemon, kmem, mail, uucp, lp, games,
field, etc.  Directories and files - ESPECIALLY setuid programs (and
more of those should be setgid) - should be owned by one of these, and
NOT by root.  This would reduce immensely the number of times that it
would be "necessary" to be root to perform some task or other; and thus
the number of windows of opportunity for certain types of attack - and
for simple mistakes.

[ANECDOTE WITH A RELATED POINT, I THINK]

Recently, at a site whose administrator is in our local SAGE chapter,
someone's helper edited the /etc/password file and accidentally altered
the super-user password.  The /etc/password file was owned by root.  It
couldn't be fixed without resorting to booting a stand-alone system in
a memory disk from the installation media.  That took a while - and an
appeal to the mailing list - to come up with.  Needless.

Joe Yao				jsdy@cais.com - Joseph S. D. Yao
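
The following is an added example, not part of the original message: a shell audit that lists setuid and setgid files under a directory with their owners, and flags the setuid files owned by root, the case the message argues should be the exception. It assumes GNU find (for `-printf`); the function names `audit_suid` and `count_flagged` are hypothetical.

```shell
#!/bin/sh
# Added example: inventory setuid/setgid files by owner.
# Assumes GNU findutils (-printf). File names containing tabs or
# newlines are not handled.

# audit_suid DIR [OWNER]
#   One tab-separated line per setuid or setgid regular file under DIR:
#     TAG  MODE  OWNER:GROUP  PATH
#   TAG is SUID-FLAGGED for a setuid file owned by OWNER (default: root),
#   SUID for a setuid file owned by anyone else, SGID for setgid-only.
audit_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%M\t%u\t%g\t%p\n' 2>/dev/null |
    awk -F'\t' -v flag_owner="${2:-root}" '
        {
            # In the symbolic mode string, column 4 is the owner-execute
            # slot; "s" or "S" there means the setuid bit is set.
            suid = (substr($1, 4, 1) ~ /[sS]/)
            if (suid && $2 == flag_owner) tag = "SUID-FLAGGED"
            else if (suid)                tag = "SUID"
            else                          tag = "SGID"
            printf "%s\t%s\t%s:%s\t%s\n", tag, $1, $2, $3, $4
        }'
}

# count_flagged DIR [OWNER]
#   Number of setuid files under DIR owned by OWNER (default: root).
count_flagged() {
    audit_suid "$1" "${2:-root}" |
    awk -F'\t' '$1 == "SUID-FLAGGED" { n++ } END { print n + 0 }'
}

# When run as a script with arguments, print the inventory, e.g.:
#   sh audit.sh /usr
if [ $# -gt 0 ]; then
    audit_suid "$@"
fi
```

Sorting the output on the first column groups the flagged entries together, so each one can be reviewed against the question the message raises: does it need root, or would a dedicated account or setgid do.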
