[780] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Tue Jun 11 11:50:49 1996

Date: Fri, 7 Jun 1996 18:06:10 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: jsdy@cais.cais.com, maartenb@nicetech.com
Cc: linux-security@tarsier.cv.nrao.edu

> "Joseph S. D. Yao wrote:"
> > I always insist that absolutely nothing at all whatsoever on the file
> > system be owned by root.  ...

> From a security point of view I do not think this is a wise guideline.
> By introducing more accounts the number of weak links is increased, 
> there is less support from the kernel to protect these accounts, and
> people are more careless ``because it is not the root account''.

Security is a people problem first, a technical problem second.  TELL
them that those accounts' passwords must be protected the same, and
don't EVER let them think otherwise.  Make the mystique around, not
"root", but "root & bin & sys & adm" (or whatever).

> What is the point? Do not let someone's helper's cousin's neighbors edit
> your password file :-)

Indeed ... that is an additional point one can gain from the tale.

Joe Yao				jsdy@cais.com - Joseph S. D. Yao
