[756] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (shaggenbunsenburner)
Mon Jun 10 14:10:43 1996
Date: Thu, 6 Jun 1996 17:57:06 -0400 (EDT)
From: shaggenbunsenburner <shagboy@thecia.net>
To: Richard Black <Richard.Black@cl.cam.ac.uk>
cc: "Jeffrey J. Radice" <jjr@zilker.net>, linux-security@tarsier.cv.nrao.edu,
Richard.Black@cl.cam.ac.uk
In-Reply-To: <E0uRel9-0004BI-00@heaton.cl.cam.ac.uk>

On Thu, 6 Jun 1996, Richard Black wrote:
> One of the irritating assumptions is that group "root" exists. There are too
> many packages whose "make install" contains "chown root.root ....". We don't
> have a root group, our /etc/group file is common across all our machines.

I assume you have a group with GID 0? Then why not add the "root" group
as another GID 0 group at the end of the file so that the "chown" works?
It won't break anything already in place, but it will let that chown
work.

> Another is that root's home directory is not the root of the filesystem. This
> is the very first thing we have to fix on any linux installation - it's
> complete brain damage. If you have automatic systems installing and updating
> remotely using rsh etc on many different systems some of which have different
> partitioning information and different partitions served r/o from different
> places etc, you must be in a position to be able to use rsh and rdist with
> root-relative paths.

Although this is my personal opinion, I much prefer to have /root or
/home/root or something else on the / partition. Since root tends to
store at least some files in her account, it seems to make sense to have
those files in a special directory, and not cluttering up the /
directory. I also would rather not have my users seeing any of my files,
whether they can read them or not. "Traffic analysis" works too well too
often.

Finally - This mail doesn't seem particularly concerned with Linux
security issues, more like configuration issues. It sounds as if you are
expecting Linux to, out-of-the-box, conform to other OS's, and that it
should, right or wrong, do the same thing as those OS's. The latter idea
is at best foolhardy, and the former one doesn't really apply. Linux is
perhaps the most configurable operating system I have EVER seen. If you
don't like where something is, you can move it just about anywhere you
want.

The attitude sounds like one of "Linux hasn't been around long enough to
know what's best; therefore it should conform." You can make it do so
yourself if you want, but don't expect the builders of the system to do
it for you.

shag
Judd Bourgeois | When we are planning for posterity,
shagboy@thecia.net | we ought to remember that virtue is
Finger for PGP key | not hereditary. Thomas Paine
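
The GID 0 alias suggested in the reply above, as an added example that is not part of the original message: this Python sketch appends a "root" entry at the end of a group file and shows why the position matters, since a sequential reverse lookup of GID 0 still returns the first name. The sample file content, the "wheel" name and the function names are constructed for illustration.

```python
# Added example, not from the post. SAMPLE_GROUP is constructed: GID 0 exists
# under the name "wheel" and no group is named "root".
SAMPLE_GROUP = "wheel:*:0:root\ndaemon:*:1:daemon\nstaff:*:10:alice,bob\n"


def parse_group(text):
    """Parse group(5) lines into (name, gid) pairs, in file order."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line[0] in "#+-":
            continue  # skip blanks, comments and NIS compat entries
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            raise ValueError(f"line {lineno}: malformed entry {line!r}")
        entries.append((fields[0], int(fields[2])))
    return entries


def gid_for_name(entries, name):
    """Forward lookup, as chown does for 'root.root'."""
    return next((gid for n, gid in entries if n == name), None)


def name_for_gid(entries, gid):
    """Reverse lookup, as ls -l does: a sequential scan returns the first match."""
    return next((n for n, g in entries if g == gid), None)


def add_root_alias(text):
    """Return the group file text with 'root' appended as a second name for GID 0."""
    entries = parse_group(text)
    existing = gid_for_name(entries, "root")
    if existing == 0:
        return text  # already resolvable, nothing to do
    if existing is not None:
        # A non-zero "root" group would make chown root.root hand files to it.
        raise ValueError(f"group 'root' already exists with GID {existing}")
    if name_for_gid(entries, 0) is None:
        raise ValueError("no GID 0 group to alias")
    # "*" locks the group password; the empty member list changes nobody's membership.
    sep = "" if text.endswith("\n") else "\n"
    return text + sep + "root:*:0:\n"


if __name__ == "__main__":
    print(add_root_alias(SAMPLE_GROUP), end="")
```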