[756] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (shaggenbunsenburner)
Mon Jun 10 14:10:43 1996

Date: Thu, 6 Jun 1996 17:57:06 -0400 (EDT)
From: shaggenbunsenburner <shagboy@thecia.net>
To: Richard Black <Richard.Black@cl.cam.ac.uk>
cc: "Jeffrey J. Radice" <jjr@zilker.net>, linux-security@tarsier.cv.nrao.edu,
        Richard.Black@cl.cam.ac.uk
In-Reply-To: <E0uRel9-0004BI-00@heaton.cl.cam.ac.uk>

On Thu, 6 Jun 1996, Richard Black wrote:

> One of the irritating assumptions is that group "root" exists. There are too
> many packages whose "make install" contains "chown root.root ....". We don't
> have a root group, our /etc/group file is common across all our machines.

I assume you have a group with GID 0?  Then why not add the "root" group 
as another GID 0 group at the end of the file so that the "chown" works?  
It won't break anything already in place, but it will let that chown 
work.

> Another is that root's home directory is not the root of the filesystem. This
> is the very first thing we have to fix on any linux installation - it's
> complete brain damage. If you have automatic systems installing and updating
> remotely using rsh etc on many different systems some of which have different 
> partitioning information and different partitions served r/o from different 
> places etc, you must be in a position to be able to use rsh and rdist with 
> root-relative paths.

Although this is my personal opinion, I much prefer to have /root or 
/home/root or something else on the / partition.  Since root tends to 
store at least some files in her account, it seems to make sense to have 
those files in a special directory, and not cluttering up the / 
directory.  I also would rather not have my users seeing any of my files, 
whether they can read them or not.  "Traffic analysis" works too well too 
often.

Finally - This mail doesn't seem particularly concerned with Linux 
security issues, more like configuration issues.  It sounds as if you are 
expecting Linux to, out-of-the-box, conform to other OS's, and that it 
should, right or wrong, do the same thing as those OS's.  The latter idea 
is at best foolhardy, and the former one doesn't really apply.  Linux is 
perhaps the most configurable operating system I have EVER seen.  If you 
don't like where something is, you can move it just about anywhere you 
want.

The attitude sounds like one of "Linux hasn't been around long enough to 
know what's best; therefore it should conform."  You can make it do so 
yourself if you want, but don't expect the builders of the system to do 
it for you.

shag

Judd Bourgeois     | When we are planning for posterity,
shagboy@thecia.net | we ought to remember that virtue is
Finger for PGP key | not hereditary.        Thomas Paine
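
The suggestion in the reply above (append a "root" entry for GID 0 at the end of /etc/group), as an added shell example that is not part of the original message. The function names and the sample file are constructed for illustration, and the functions are meant to be pointed at a copy of the group file.

```shell
#!/bin/sh
# Added example: work on a copy of a group(5) file, then review and install it.

# Print every group name whose GID is 0, one per line, in file order.
gid0_names() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Succeed if a group literally named "root" is already defined.
has_root_group() {
    awk -F: '$1 == "root" { found = 1 } END { exit !found }' "$1"
}

# Append "root" as a second name for GID 0, only when a GID 0 group
# already exists and no "root" entry does. Appending at the end matters:
# GID-to-name lookups in a flat file return the first match, so listings
# keep showing the site's existing name while "chown root.root" resolves.
add_root_alias() {
    file=$1
    if has_root_group "$file"; then
        return 0                      # already present, nothing to do
    fi
    if [ -z "$(gid0_names "$file")" ]; then
        echo "no GID 0 group in $file; not adding one" >&2
        return 1
    fi
    # "*" in the password field and an empty member list (a choice made
    # for this example): the alias grants no membership by itself.
    printf 'root:*:0:\n' >> "$file"
}

# Constructed sample group file for a site whose GID 0 group is "wheel".
demo_file() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
wheel:*:0:root
daemon:*:1:daemon
users:*:100:
EOF
    echo "$f"
}
```

Running `gid0_names` across the shared group file afterwards lists every name that maps to GID 0, which is the thing to audit once aliases exist.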

