[769] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Rob J. Nauta)
Mon Jun 10 14:40:53 1996
Resent-From: "Rob J. Nauta" <rob@redwood.nl>
From: "Rob J. Nauta" <rob@redwood.nl>
Resent-To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 07 Jun 1996 14:55:58 METDST
To: iialan@iifeak.swan.ac.uk (Alan Cox)
In-Reply-To: <m0uRbSB-0009fQC@iifeak.swan.ac.uk>; from "Alan Cox" at Jun 6, 96 10:34 am
>
> > bin 2 / Own binaries (bin,sbin,etc) directories.
>
> Not if you have NFS. Also consider the fact root security is much more tightly
> guarded than bin.
>
>
Indeed, this discussion started out on the wrong foot from the start.
In file and process security, one should strive to give processes the
MINIMUM privileges - run as 'nobody' where 'nobody' is a user with a
blocked password and /bin/false as shell. File protections should have
the MAXIMUM privileges, that is, owned by root. If you make them owned
by 'nobody' you reduce security, you don't increase it.

This goes for all ordinary files. Obviously suid binaries have to be
owned by the uid as which they will run.

If you run a subsystem as a user, say 'bin', and config/program files
or directories are also owned by bin, someone who exploits a bug in
that part can also modify files. If all files are owned by root, one
would have to break root to modify anything, and then you can modify
any file in the system anyway.

Plus indeed, root is more protected by e.g. NFS, which remaps root
accesses to 'nobody'. Hence a file owned by root can never be
modified over NFS if you export it the right way.

[Mod: Under recent versions of Olaf's Linux nfsd, arbitrary uids/gids
can be remapped the same as root's. --Jeff.]
Rob
--
Rob J. Nauta rob@redwood.nl
REDWOOD Business Group B.V. Phone: +31-306931310
Princenhof Park 13 Telefax: +31-306930477
3972 NG DRIEBERGEN
The Netherlands
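As an added illustration of the ownership argument in the message above (example code, not part of the original thread): a small Python check of which files a service account could modify under the classic Unix owner/group/other rules, so that root-owned files show up as safe and service-owned or group-writable ones show up as exposure. The paths, uids and modes in the sample are constructed for this example.

```python
import os
import stat
from dataclasses import dataclass
from typing import Iterable, List

@dataclass(frozen=True)
class FileInfo:
    """Ownership and permission bits of one file (what stat(2) reports)."""
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o644

def from_path(path: str) -> FileInfo:
    """Build a FileInfo from a real file on disk."""
    st = os.stat(path)
    return FileInfo(path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))

def can_write(f: FileInfo, uid: int, gids: Iterable[int]) -> bool:
    """Classic Unix access check: may a process running as uid (with these
    groups) write f?  If the uid matches the owner, only the owner bits
    count; otherwise group bits if a gid matches; otherwise the 'other'
    bits.  root bypasses the check entirely; ACLs are not modelled."""
    if uid == 0:
        return True
    if f.uid == uid:
        return bool(f.mode & stat.S_IWUSR)
    if f.gid in set(gids):
        return bool(f.mode & stat.S_IWGRP)
    return bool(f.mode & stat.S_IWOTH)

def writable_by_service(files: Iterable[FileInfo], svc_uid: int,
                        svc_gids: Iterable[int]) -> List[str]:
    """Paths that a compromised service account could modify."""
    gids = set(svc_gids)
    return [f.path for f in files if can_write(f, svc_uid, gids)]

# Constructed sample: a subsystem run as 'bin' (uid 1, gid 1 assumed).
BIN_UID, BIN_GID = 1, 1
SAMPLE = [
    FileInfo("/usr/sbin/binsvc", 0, 0, 0o755),             # root-owned binary: safe
    FileInfo("/etc/binsvc.conf", BIN_UID, BIN_GID, 0o644), # owned by the service user: exposed
    FileInfo("/var/spool/binsvc", 0, BIN_GID, 0o775),      # root-owned but group-writable: exposed
    FileInfo("/etc/binsvc-safe.conf", 0, 0, 0o644),        # root-owned, read-only for bin: safe
]

if __name__ == "__main__":
    for path in writable_by_service(SAMPLE, BIN_UID, [BIN_GID]):
        print("service account can modify:", path)
```

Running the same check with the uid/gid of 'nobody' against the sample reports nothing, which is the configuration the message argues for.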