[766] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Jeffrey J. Radice)
Mon Jun 10 14:35:01 1996

From: jjr@zilker.net (Jeffrey J. Radice)
To: shagboy@thecia.net (shaggenbunsenburner)
Date: Thu, 6 Jun 1996 17:09:38 -0500 (CDT)
Cc: Richard.Black@cl.cam.ac.uk, jjr@zilker.net,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.960606174835.4000C-100000@shag.thecia.net> from "shaggenbunsenburner" at Jun 6, 96 05:57:06 pm


>On Thu, 6 Jun 1996, Richard Black wrote:
>
>>One of the irritating assumptions is that group "root" exists. There are too 
>> many packages whose "make install" contains "chown root.root ....". We dont 
>> have a root group, our /etc/group file is common across all our machines.
>
>I assume you have a group with GID 0?  Then why not add the "root" group 
>as another GID 0 group at the end of the file so that the "chown" works?  
>It won't break anything already in place, but it will let that chown 
>work.

I for one didn't realize that was possible.

I agree that software should not presume that GID 0 is root, and
Makefiles that include an install option should have the UID
and GID configurable at the beginning of the script as a variable;
not hardwired in.

>Finally - This mail doesn't seem particularly concerned with Linux 
>security issues, more like configuration issues.

Ahh, but there is a grey area in which the two become one.
I think it foolhardy to ruminate over configuration without
considering security.

Which is why I asked the question in the first place.
I was not suggesting that there should be a standard for
system users, groups and perms -- only asking advice about
what a reasonable configuration for them might be.  I appreciate
all the feedback I've received, though haven't digested it all.

I'm still interested in references to books, articles or docs that
discuss the issue at greater length.  Any pointers?

-jjr

home help back first fref pref prev next nref lref last post