[779] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Adam Prato)
Tue Jun 11 11:50:34 1996

Date: Mon, 10 Jun 1996 13:54:13 -0600 (MDT)
From: Adam Prato <adamp@mickey.ovid.com>
To: "Joseph S. D. Yao" <jsdy@cais.cais.com>
Cc: jsdy@cais.cais.com, jjr@zilker.net, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606101744.NAA04720@cais2.cais.com>



On Mon, 10 Jun 1996, Joseph S. D. Yao wrote:

> 
> Not true: the super-user account, which in recent (last 20 years ;-))
> versions of Unix has been called "root", has all reasonable accesses to
> a regular file on a regular disk file system, even though it might not
> "own" the file.
> 
> Hence some people fall into the trap of doing everything su'ed to or
> logged in as "root".
> 
> Hence all files thus created or copied become owned by root.
> 
> Which then seems to be the natural order of things for these people.
> 
> Since all things are owned by root, they and their successors then get
> into or stay in the habit of doing all things su'ed to or logged in as
> "root".
> 
> And when they accidentally do, from the directory they thought was /tmp
> but is really /, an "rm -rf .[A-Za-z]* *", all they can say is "well,
> it couldn't be helped."
> 
> The same when they copy a file into /dev/hda.
> 
> The same when they do anything which a sane set of permissions and
> user/group "ownership"s might have prevented, but which ownership by
> "root" and thus, necessarily, modification as "root" does little to
> prevent.
> 
> This is what I try to prevent by making things not owned by "root".
> It's not that they are owned by "root" that causes me grief.  It's that
> people then have to do maintenance to them as "root".
> 
> And, yes, if you have to routinely distribute tasks in a fixed and
> predictable manner, then tools such as 'sudo' help.  If you trust them.
>  [;-)/2]

I see, you've made some very good points and I totally agree with you. 
However I'm still entitled to my opinion for one :). But in addition to 
your philosophy, wouldn't it be appropriate to have separate classes of files?
I still believe that all internal system files should be owned by the 
root user, programs such as inetd services, and anything that gets executed
with root privileges should be owned by root, any user that has less 
privileges (bin, sys, daemon, regular users). Secondly, any files that 
need to be modified on occasion that are not system level config files 
per se (inetd.conf, /etc/crontab, whatever) should either be owned
by special users or group writeable. Especially if an important system 
file must be changed by running a specific command and typing a password 
over the network. 

Well, as we try and develop the ultimate security profile, we will 
undoubtedly go our own ways. But thanks for the feedback regarding your 
own ideas and experience.

Adam
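
Added example, not part of the original message or of any tool named in it: a Python check for the two file classes the reply above proposes, flagging a root-executed program that is not owned by root and allowing group write only on the occasionally edited class. The function names, the treatment of setuid-root files as the first class, the group-write and world-write findings, and the sample entries are assumptions made for this illustration.

```python
import os
import stat

ROOT_UID = 0

def audit_mode(uid, mode, runs_as_root):
    """Return findings for one file from its owner uid and st_mode.

    runs_as_root=True  -> first class: executed with root privileges.
    runs_as_root=False -> second class: edited on occasion, may belong to a
                          special user or be group-writable.
    """
    # Assumption: a setuid file owned by root always executes as root,
    # so it belongs to the first class whatever the caller says.
    if uid == ROOT_UID and mode & stat.S_ISUID:
        runs_as_root = True
    findings = []
    if runs_as_root:
        if uid != ROOT_UID:
            findings.append("not owned by root")
        if mode & stat.S_IWGRP:
            findings.append("group-writable")
    # Neither class in the message calls for write access by everyone.
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def audit_paths(classes):
    """classes maps path -> runs_as_root flag; returns {path: findings}."""
    report = {}
    for path, runs_as_root in classes.items():
        st = os.stat(path)  # follows symlinks: the target is what gets run
        findings = audit_mode(st.st_uid, st.st_mode, runs_as_root)
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    # Constructed sample entries: (label, owner uid, mode, runs_as_root).
    samples = [
        ("root-run daemon owned by root", 0, 0o100755, True),
        ("root-run daemon owned by uid 2", 2, 0o100755, True),
        ("edited file, special user, group-writable", 5, 0o100664, False),
        ("setuid-root binary, group-writable", 0, 0o104775, False),
    ]
    for label, uid, mode, flag in samples:
        print(f"{label}: {audit_mode(uid, mode, flag) or 'ok'}")
```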
