[764] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Squawk)
Mon Jun 10 14:32:27 1996
Date: Fri, 7 Jun 1996 08:57:30 -0400 (EDT)
From: Squawk <discodan@vampire.org>
To: Richard Black <Richard.Black@cl.cam.ac.uk>
cc: "Jeffrey J. Radice" <jjr@zilker.net>, linux-security@tarsier.cv.nrao.edu,
Richard.Black@cl.cam.ac.uk
In-Reply-To: <E0uRel9-0004BI-00@heaton.cl.cam.ac.uk>
On Thu, 6 Jun 1996, Richard Black wrote:
>
> At this site we integrate a large number of linux boxes with a large number of
> other machines from very many other vendors.
>
> Our experience is that some of the user / group assumptions on linux are
> irritating, probably derived from the fact that many of the linux community
> appear to manage their machines locally where the user is the administrator
> and the machine is isolated. Witnes (for example) the very long time for which
> the password entries in /etc/passwd were not encrypted correctly for
> alpha_linux (a 64bit problem) and it wasnt noticed!!
>
not that many people have alpha_linux up and running. I think its safe to
say that the majority of linux users are home users, with PC's. It's
pretty difficult to notice problems if you have a limited users group
> Another is that roots home directory is not the root of the filesystem. This
> is the very first thing we have to fix on any linux installation - its
> complete brain damage. If you have automatic systems installing and updating
> remotely using rsh etc on many different systems some of which have different
> partitioning information and different partitions served r/o from different
> places etc, you must be in a position to be able to use rsh and rdist with
> root-relative paths.
The old addage "you get what you pay for" comes to mind.
for a free, stable, powerful operating system i'd spend the 30 seconds
rditing /etc/passwd (and all related files) to make roots homedir where I
want it..
while the user/group system may seem odd to you, i've noticed big
differences in all flavors of unix about the user group differences.. I
wouldn't consider this a TRUE security problem (though it may cause you
security problems down the road, you have to be really careful), instead
i'd consider it an inconvienience..
-Dan