[784] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Tue Jun 11 12:43:29 1996

Date: Tue, 11 Jun 1996 12:12:29 -0400
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: linux-security@tarsier.cv.nrao.edu
CC: "Matthew J. Hill" <matt@microhertz.njit.edu>
In-Reply-To: Your message of Mon, June 10, 1996 21:34:57 -0400

"MJH" == Matthew J Hill <matt@microhertz.njit.edu> writes:

MJH> another, equally important issue, is the use of dotfiles.  root
MJH> shouldn't have any.  *any.*

This is getting heavily into the realm of religion, but I have to mildly
disagree here; one example of a very useful dotfile (well...directory,
in this case):

~root/.ssh/

Oftentimes, due to locally-determined conditions (commonly found in
medium-to-large site installations), root on one system *must* trust
root on another (e.g. for certain types of backups, rdist jobs, and the
like).  I'd much rather define that trust in terms of a (possibly
passphrase-protected) SSH key than a vanilla .rhosts file, for obvious
reasons.  SSH's encrypted connection is a nice side benefit as well....

MJH> fancy prompts and "alias rm='rm -i'" can only muck things up,
MJH> espically if multiple users share the root account.

A bit of disagreement here too: I find a prompt that really stands out
and SHOUTS a constant reminder that the uid is 0 to be A Good Thing.

--Up.

-- 
Jeff Uphoff - systems/network admin.  |  juphoff@nrao.edu
National Radio Astronomy Observatory  |  juphoff@bofh.org.uk
Charlottesville, VA, USA              |  jeff.uphoff@linux.org
    PGP key available at: http://www.cv.nrao.edu/~juphoff/

home help back first fref pref prev next nref lref last post