[759] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Przemek Klosowski)
Mon Jun 10 14:11:07 1996
Date: Thu, 6 Jun 1996 15:45:06 -0400
From: przemek@rrdjazz.nist.gov (Przemek Klosowski)
To: linux-security@tarsier.cv.nrao.edu, Richard.Black@cl.cam.ac.uk
In-reply-to: <E0uRel9-0004BI-00@heaton.cl.cam.ac.uk> (message from Richard Black on Thu, 06 Jun 1996 14:05:53 +0100)
Richard wrote:
At this site we integrate a large number of linux boxes with a large number of
other machines from very many other vendors.
Our experience is that some of the user / group assumptions on linux are
irritating, probably derived from the fact that many of the linux community
appear to manage their machines locally where the user is the administrator
I think that is unfair to people who designed the layout (FSSTND folk
and distribution authors) gave a significant thought to it, and tried
to improve the traditional setup. I actually think that the Linux
setup makes more sense in many cases, and the traditional setup is
simply more familiar.
One of the irritating assumptions is that group "root" exists. There are too
many packages whose "make install" contains "chown root.root ....". We dont
have a root group, our /etc/group file is common across all our machines.
Well, it is only a logical consequence of the 1GID/1UID setup, which, again, makes
sense to me. Why couldn't you simply add group root to your /etc/group? it won't
harm the machines on which it is not used...
Another is that roots home directory is not the root of the filesystem. This
is the very first thing we have to fix on any linux installation - its
complete brain damage.
I must say that I feel safer with root's home directory being /root;
the only reason why it should not be /home/root is that it must be on
the root filesystem.
przemek klosowski (przemek@nist.gov)
Reactor Division (bldg. 235), E111
National Institute of Standards and Technology
Gaithersburg, MD 20899, USA
(301) 975 6249