[783] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Matthew J. Hill)
Tue Jun 11 11:58:21 1996

From: "Matthew J. Hill" <matt@microhertz.njit.edu>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 10 Jun 1996 21:34:57 -0400 (EDT)
In-Reply-To: <199606062233.AAA00321@papaja.wroc.apk.net> from "Tomasz Surmacz" at Jun 7, 96 00:33:12 am

> Why?  Does root's home directory really need to be / ?  It's really
> annoying to have all those /Mail, /.cshrc, /.profile, /.exrc, /.history
> (etc.) files and directories, don't you think so?  If root's home is
> something else than / you may also do 'chmod 700 ~root' and stop users
> from sniffing around root's working environment.  It really is much
> safer to arrange things that way [1].

i think this brings up another important security issue, perhaps not quite
so linux-related, but relevant nonetheless.  why does root have Mail,
.cshrc, .profile, etc. files?  there is no reason for this.  in fact, i
think it can be a *big* detriment in some cases.  people *have* to
remember that root is *not* a user account, and therefore should not have
any user files.  root is a thing, not a person, a way of doing things that
cannot be done any other way.  root's mail should be aliased to the
sysadmin.  root should never be in a mailer, a newsreader, or any other
program it doesn't have to use to maintain the system.  this basically
amounts to mv, cp, ln, ch[own,mod,grp] and a few others.

> I personally use /root as root's home not only on Linux, but also on all
> other unixes I am in charge of, like SunOS, Solaris or IRIX.  With no
> side-effects at all (the only thing you should care in such a setup is
> that ~root should really be on the root partition, ie. not /home/root
> if /home is a separate one - otherwise, when problems arise, you 
> may have twice as much of them.)

another, equally important issue, is the use of dotfiles.  root shouldn't
have any.  *any.*  since root's shell should be /bin/sh, .cshrc does you
no good.  and .profile can only muck things up... having anything other
than /usr/bin:/usr/sbin in your path can be a security hole, root
shouldn't have aliases, environment variables can be set by hand after you
log in.  fancy prompts and "alias rm='rm -i'" can only muck things up,
especially if multiple users share the root account.

root also doesn't need to have personal filespace... remember the whole
filesystem is his personal file space.  old .tar.gz files can be stored
in /usr/local/src, etc etc...

and remember, root should not be too comfortable.   if you have to type
/usr/local/sbin/my_strange_script all the time, you're less apt to run the
wrong one by accident.  plus, the less time you spend as root, the better.

> Well, whatever the partitioning system is, if you just put '/' in front
> of the path or file name, it will bring you whatever you really want to.
> Using relative paths when doing something remotely is never a good idea.
> 
> Tomasz
> 
> [1] BTW. I once had to clean the mess after the wanna-be system
> administrator, who after discovering that root's home was /root (on a
> solaris box) first moved all the files from there to /, then changed
> ~root to /, then 'chmod 700 ~root'.  Finding it out over a phone was
> not a trivial task (yes, you guessed it, nobody except root could log
> in, and root could not log in over the net of course...).

sounds horrible.  couldn't we all avoid this type of stuff by (1) keeping
the root password out of the hands of morons, and (2) putting the root of
the filesystem where it ought to be.  

on my linux boxen, i usually move root's home dir to / pretty early on.
helps keep me out of bad habits, too.

> 
> -- 
>  _________
> (_   _' __) Tomasz R. Surmacz *---* Work:(071)202636, tsurmacz@ict.pwr.wroc.pl
>   |  (__  \ http://www.ict.pwr.wroc.pl/~tsurmacz/ *----* Home: ts@wroc.apk.net
>   |__(____/ For PGP key finger tsurmacz@asic.ict.pwr.wroc.pl *---* irc: TomekS
> 


-- 
Matthew Hill
matt@hertz.njit.edu
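
The points argued in this thread (root's shell, who can get into root's home, dotfiles kept there, PATH entries beyond /usr/bin:/usr/sbin) can be checked mechanically. The script below is an added example, not part of either poster's mail; its function names, arguments and the fixture are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. Hypothetical arguments:
#   $1 = passwd-format file, $2 = prefix put before each home ("" on a live host)

# PATH entries other than /usr/bin and /usr/sbin; an empty entry means ".".
path_extras() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        case "$d" in
            /usr/bin|/usr/sbin) ;;
            '') echo '(empty entry: current directory)' ;;
            *)  printf '%s\n' "$d" ;;
        esac
    done
}

# Report every uid-0 account; exit status is 1 if anything was flagged.
audit_root() {
    awk -F: '$3 == 0 { print $1 ":" $6 ":" $7 }' "$1" | (
        rc=0
        while IFS=: read -r name home shell; do
            dir="$2$home"
            # An empty shell field means /bin/sh.
            [ "${shell:-/bin/sh}" = /bin/sh ] || { echo "$name: shell is $shell, not /bin/sh"; rc=1; }
            # "/" has to stay searchable by everyone (see the footnote in the
            # quoted mail); any other home is expected to be mode 700.
            if [ "$home" != / ] && [ "$(ls -ld "$dir" | cut -c5-10)" != "------" ]; then
                echo "$name: $home is accessible to group/other"; rc=1
            fi
            for f in "$dir"/.[!.]* "$dir"/..?*; do
                if [ -e "$f" ] || [ -L "$f" ]; then
                    echo "$name: dotfile ${home%/}/${f##*/}"; rc=1
                fi
            done
        done
        exit "$rc"
    )
}

# Constructed fixture: root with csh, home /root at mode 755, two dotfiles.
make_fixture() {
    t=$(mktemp -d) && mkdir "$t/root" && chmod 755 "$t/root" &&
        touch "$t/root/.cshrc" "$t/root/.profile" &&
        printf 'root:x:0:0:root:/root:/bin/csh\nmatt:x:500:100::/home/matt:/bin/sh\n' >"$t/passwd" &&
        printf '%s\n' "$t"
}

if [ "$#" -gt 0 ]; then
    path_extras "$PATH" | sed 's/^/PATH extra: /'
    audit_root "$1" "${2:-}"
fi
```

Run as root with `/etc/passwd` as the only argument to audit the live host, or point it at the directory printed by `make_fixture` for a dry run.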
