[780] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Tue Jun 11 11:50:49 1996
Date: Fri, 7 Jun 1996 18:06:10 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: jsdy@cais.cais.com, maartenb@nicetech.com
Cc: linux-security@tarsier.cv.nrao.edu
> "Joseph S. D. Yao wrote:"
> > I always insist that absolutely nothing at all whatsoever on the file
> > system be owned by root. ...
> From a security point of view I do not think this is a wise guideline.
> By introducing more accounts the number of weak links is increased,
> there is less support from the kernel to protect these accounts, and
> people are more careless ``because it is not the root account''.
Security is a people problem first, a technical problem second. TELL
them that those accounts' passwords must be protected the same, and
don't EVER let them think otherwise. Make the mystique around, not
"root", but "root & bin & sys & adm" (or whatever).
> What is the point? Do not let someone's helper's cousin's neighbors edit
> your password file :-)
Indeed ... that is an additional point one can gain from the tale.
Joe Yao jsdy@cais.com - Joseph S. D. Yao