[760] in linux-security and linux-alert archive

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Tomasz Surmacz)
Mon Jun 10 14:11:32 1996

From: Tomasz Surmacz <ts@papaja.wroc.apk.net>
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 7 Jun 1996 00:33:12 +0200 (MET DST)
In-Reply-To: <E0uRel9-0004BI-00@heaton.cl.cam.ac.uk> from "Richard Black" at Jun 6, 96 02:05:53 pm

Richard.Black@cl.cam.ac.uk (Richard Black) wrote:
> 
> Our experience is that some of the user / group assumptions on linux are 
> irritating, probably derived from the fact that many of the linux community 
...
> Another is that root's home directory is not the root of the filesystem. This 
> is the very first thing we have to fix on any linux installation - it's 
> complete brain damage. If you have automatic systems installing and updating 

Why?  Does root's home directory really need to be / ?  It's really
annoying to have all those /Mail, /.cshrc, /.profile, /.exrc, /.history
(etc.) files and directories, don't you think so?  If root's home is
something other than / you may also do 'chmod 700 ~root' and stop users
from sniffing around root's working environment.  It really is much
safer to arrange things that way [1].

I personally use /root as root's home not only on Linux, but also on all
other unixes I am in charge of, like SunOS, Solaris or IRIX.  With no
side-effects at all (the only thing you should care about in such a setup is
that ~root should really be on the root partition, i.e. not /home/root
if /home is a separate one - otherwise, when problems arise, you 
may have twice as many of them.)

> remotely using rsh etc on many different systems some of which have different 
> partitioning information and different partitions served r/o from different 
> places etc, you must be in a position to be able to use rsh and rdist with 
> root-relative paths.

Well, whatever the partitioning system is, if you just put '/' in front
of the path or file name, it will bring you whatever you really want.
Using relative paths when doing something remotely is never a good idea.

Tomasz

[1] BTW. I once had to clean the mess after the wanna-be system
administrator, who after discovering that root's home was /root (on a
Solaris box) first moved all the files from there to /, then changed
~root to /, then 'chmod 700 ~root'.  Finding it out over a phone was
not a trivial task (yes, you guessed it, nobody except root could log
in, and root could not log in over the net of course...).

-- 
 _________
(_   _' __) Tomasz R. Surmacz *---* Work:(071)202636, tsurmacz@ict.pwr.wroc.pl
  |  (__  \ http://www.ict.pwr.wroc.pl/~tsurmacz/ *----* Home: ts@wroc.apk.net
  |__(____/ For PGP key finger tsurmacz@asic.ict.pwr.wroc.pl *---* irc: TomekS
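
Added example, not part of the original message: a shell check for the three points raised above (root's home is not / itself, is mode 700, and sits on the root filesystem). It assumes GNU coreutils `stat -c`; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: audit root's home directory against the points in the message.
# Assumes GNU coreutils stat (-c); function names are hypothetical.

# Print the home directory field for root from a passwd-format file.
root_home_from_passwd() {
    awk -F: '$1 == "root" { print $6; exit }' "$1"
}

# check_root_home HOME [ROOTDIR]
# Returns 0 if OK, 1 if HOME is ROOTDIR itself, 2 if group/other have any
# access, 3 if HOME is on a different filesystem from ROOTDIR, 4 if missing.
check_root_home() {
    home=$1
    rootdir=${2:-/}
    [ -d "$home" ] || { echo "missing: $home"; return 4; }
    # Compare device:inode so "/", "//", "/." and symlinks to / are all caught.
    if [ "$(stat -L -c '%d:%i' "$home")" = "$(stat -L -c '%d:%i' "$rootdir")" ]; then
        echo "root's home is $rootdir itself; chmod 700 here locks out every other user"
        return 1
    fi
    # Any group/other permission bit means users can look around ~root.
    mode=$(stat -L -c '%a' "$home")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode $mode on $home lets group/other in; expected 700"
        return 2
    fi
    # ~root must stay reachable when only the root partition mounts.
    if [ "$(stat -L -c '%d' "$home")" != "$(stat -L -c '%d' "$rootdir")" ]; then
        echo "$home is not on the same filesystem as $rootdir"
        return 3
    fi
    echo "ok: $home"
    return 0
}

# Stand-alone use: pass --audit to check the live system.
if [ "${1:-}" = "--audit" ]; then
    check_root_home "$(root_home_from_passwd /etc/passwd)" /
fi
```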
