[766] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Jeffrey J. Radice)
Mon Jun 10 14:35:01 1996
From: jjr@zilker.net (Jeffrey J. Radice)
To: shagboy@thecia.net (shaggenbunsenburner)
Date: Thu, 6 Jun 1996 17:09:38 -0500 (CDT)
Cc: Richard.Black@cl.cam.ac.uk, jjr@zilker.net,
linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.960606174835.4000C-100000@shag.thecia.net> from "shaggenbunsenburner" at Jun 6, 96 05:57:06 pm
>On Thu, 6 Jun 1996, Richard Black wrote:
>
>>One of the irritating assumptions is that group "root" exists. There are too
>> many packages whose "make install" contains "chown root.root ....". We dont
>> have a root group, our /etc/group file is common across all our machines.
>
>I assume you have a group with GID 0? Then why not add the "root" group
>as another GID 0 group at the end of the file so that the "chown" works?
>It won't break anything already in place, but it will let that chown
>work.
I for one didn't realize that was possible.
I agree that software should not presume that GID 0 is root, and
Makefiles that include an install option should have the UID
and GID configurable at the beginning of the script as a variable;
not hardwired in.
>Finally - This mail doesn't seem particularly concerned with Linux
>security issues, more like configuration issues.
Ahh, but there is a grey area in which the two become one.
I think it foolhardy to ruminate over configuration without
considering security.
Which is why I asked the question in the first place.
I was not suggesting that there should be a standard for
system users, groups and perms -- only asking advice about
what a reasonable configuration for them might be. I appreciate
all the feedback I've received, though haven't digested it all.
I'm still interested in references to books, articles or docs that
discuss the issue at greater length. Any pointers?
-jjr