[760] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Tomasz Surmacz)
Mon Jun 10 14:11:32 1996
From: Tomasz Surmacz <ts@papaja.wroc.apk.net>
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 7 Jun 1996 00:33:12 +0200 (MET DST)
In-Reply-To: <E0uRel9-0004BI-00@heaton.cl.cam.ac.uk> from "Richard Black" at Jun 6, 96 02:05:53 pm
Richard.Black@cl.cam.ac.uk (Richard Black) wrote:
>
> Our experience is that some of the user / group assumptions on linux are
> irritating, probably derived from the fact that many of the linux community
...
> Another is that root's home directory is not the root of the filesystem. This
> is the very first thing we have to fix on any linux installation - it's
> complete brain damage. If you have automatic systems installing and updating
Why? Does root's home directory really need to be / ? It's really
annoying to have all those /Mail, /.cshrc, /.profile, /.exrc, /.history
(etc.) files and directories, don't you think so? If root's home is
something other than / you may also do 'chmod 700 ~root' and stop users
from sniffing around root's working environment. It really is much
safer to arrange things that way [1].
I personally use /root as root's home not only on Linux, but also on all
other unixes I am in charge of, like SunOS, Solaris or IRIX. With no
side-effects at all (the only thing you should care about in such a setup is
that ~root should really be on the root partition, i.e. not /home/root
if /home is a separate one - otherwise, when problems arise, you
may have twice as many of them.)
> remotely using rsh etc on many different systems some of which have different
> partitioning information and different partitions served r/o from different
> places etc, you must be in a position to be able to use rsh and rdist with
> root-relative paths.
Well, whatever the partitioning system is, if you just put '/' in front
of the path or file name, it will bring you whatever you really want.
Using relative paths when doing something remotely is never a good idea.
Tomasz
[1] BTW. I once had to clean the mess after the wanna-be system
administrator, who after discovering that root's home was /root (on a
Solaris box) first moved all the files from there to /, then changed
~root to /, then 'chmod 700 ~root'. Finding it out over a phone was
not a trivial task (yes, you guessed it, nobody except root could log
in, and root could not log in over the net of course...).
--
_________
(_ _' __) Tomasz R. Surmacz *---* Work:(071)202636, tsurmacz@ict.pwr.wroc.pl
| (__ \ http://www.ict.pwr.wroc.pl/~tsurmacz/ *----* Home: ts@wroc.apk.net
|__(____/ For PGP key finger tsurmacz@asic.ict.pwr.wroc.pl *---* irc: TomekS
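
Added example, not part of the original message: a POSIX shell check for the three points raised above (root's home is not /, it is mode 700, and it sits on the root filesystem). The function names, the optional SYSROOT prefix and the sample tree built by demo are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): audit the home directory of
# every UID-0 account against the three points made in the message.
# Usage: audit_root_home PASSWD_FILE [SYSROOT]
#   SYSROOT is a hypothetical prefix for checking a mounted or test tree.
# Prints one line per finding and returns the number of findings.
audit_root_home() {
    passwd_file=$1 sysroot=${2:-} findings=0
    # passwd(5): field 3 is the UID, field 6 the home directory.
    accounts=$(awk -F: '$3 == 0 { print $1 ":" $6 }' "$passwd_file")
    while IFS=: read -r user home; do
        [ -n "$user" ] || continue
        dir=$sysroot$home
        if [ "$home" = "/" ]; then
            echo "$user: home is / (dotfiles land in /; chmod 700 there locks out everyone else)"
            findings=$((findings + 1)); continue
        fi
        if [ ! -d "$dir" ]; then
            echo "$user: home $home is missing"
            findings=$((findings + 1)); continue
        fi
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(ls -ldL "$dir" | cut -c5-10)" != "------" ]; then
            echo "$user: $home is open to group or other (want mode 700)"
            findings=$((findings + 1))
        fi
        # Compare mount points: the home must sit on the root filesystem.
        home_fs=$(df -P "$dir" | awk 'NR == 2 { print $NF }')
        root_fs=$(df -P "$sysroot/" | awk 'NR == 2 { print $NF }')
        if [ "$home_fs" != "$root_fs" ]; then
            echo "$user: $home is on $home_fs, not on the root filesystem"
            findings=$((findings + 1))
        fi
    done <<EOF
$accounts
EOF
    return "$findings"
}

# Constructed sample: a throwaway tree whose /root is world-readable (755).
demo() {
    tree=$(mktemp -d)
    mkdir -m 755 "$tree/root"
    printf 'root:x:0:0:root:/root:/bin/sh\nts:x:1000:100::/home/ts:/bin/sh\n' >"$tree/passwd"
    audit_root_home "$tree/passwd" "$tree"; demo_rc=$?
    rm -rf "$tree"
    return "$demo_rc"
}
```

On a live host, `audit_root_home /etc/passwd` checks the running system; a return status of 0 means no findings.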