[768] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Mon Jun 10 14:40:51 1996

Date: Fri, 7 Jun 1996 17:56:18 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: jsdy@cais.cais.com, R.E.Wolff@et.tudelft.nl
Cc: jjr@zilker.net, linux-security@tarsier.cv.nrao.edu

> > I always insist that absolutely nothing at all whatsoever on the file
> > system be owned by root.  ...

> And in practise, the "root" account is better protected by such
> provisions as securetty (can root login on /dev/modem, /dev/pty0?)
> nfs root->nobody remapping, rhosts' special case for "root" 
> (Not honouring /etc/hosts.equiv) etc etc.

It needs to be.  It has special privileges.  The others do NOT.

> So I agree with you that for a set of unexperienced administrators, 
> it would be nice to have each of them only capable of creating havock
> with only part of the system. 

You miss the point entirely.  You have a SMALL number of people (1-2)
with ALL of the passwords.  Experience doesn't diminish the OOPS!
factor.  I've been working with computers and the 'Net (in its changing
forms) for over 20 years.  My fingers occasionally type in things that
I didn't tell them to.  [;-)]

Actually, your suggestion is another way that you can use these
separate accounts.  The person who has lots of experience with UUCP and
is always doing UUCP stuff really only memorizes the uucp password, as
well as his own and root's.  The kernel guru: sys's.  Etc.  Thank you
for an excellent (if accidental) point.

"Unexperienced" people have no business having any of these passwords.

> Once you can get all applications(*) to treat uids < SOME_LIMIT the
> same as "root" I would start to agree with you.
> (*) And it will be hard to verify that we've modified indeed ALL 
> applications.....

No!  No!  A thousand times, no!  The whole point is, these other
accounts do NOT have the privileges of a "root"!  OBTW, it has nothing
to do with the applications; it is the KERNEL that checks whether a
given process has "super-user" credentials; usually by examining the
UID and seeing whether it is 0 (except in some experimental security
kernels).

>  ** Q: What's the difference between MicroSoft Windows and a virus?       **
>  ** A: Apart from the fact that virusses install easier, none.            **

Quite right.  ;-) ;-)

Joe Yao				jsdy@cais.com - Joseph S. D. Yao

home help back first fref pref prev next nref lref last post