[787] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Synthesizer Punk)
Wed Jun 12 18:59:42 1996

Date: Wed, 12 Jun 1996 00:19:28 -0400 (EDT)
From: Synthesizer Punk <Lucas@wasteland.org>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606110134.VAA10280@microhertz.njit.edu>

On Mon, 10 Jun 1996, Matthew J. Hill wrote:

> i think this brings up another important security issue, perhaps not quite
> so linux-related, but relevant nonetheless.  why does root have Mail,
> .cshrc, .profile, etc. files?  there is no reason for this.  in fact, i
> think it can be a *big* detriment in some cases.  people *have* to
> remember that root is *not* a user account, and therefore should not have
> any user files.  root is a thing, not a person, a way of doing things that
> cannot be done any other way.  root's mail should be aliased to the
> sysadmin.  root should never be in a mailer, a newsreader, or any other
> program it doesn't have to use to maintain the system.  this basically
> amounts to mv, cp, ln, ch[own,mod,grp] and a few others.

	I'm just a lurker, but a topic of my interest has risen, so I
proceed to interject...

	The root account is nothing but an administration tool.  Whoever
it was in the above quote (in my haste to prepare my mail, I didn't take
heed to who it was, but credit for the sensible knowledge is due) has the
right idea.  I oftentimes see people using IRC from root, which truly
disgusts me.  Why compromise security like that?  Do not read mail from
root, don't do user-things as root, and please dear god don't IRC as root.
All of those previously mentioned could make you a sitting target for a wily
cracker or a conniving prank.  The root account is for doing things that
regular users shouldn't be able to, a hidden command to create/destroy
things.  Do as you wish, but you only compromise security.

	I don't suggest putting root under /home on large or multi
partitioned systems, especially ones that partition /home.  If /home/root
is UID 0's home dir, what would you do if /home wasn't mountable if you
gave the 3 finger salute?  Not login, for the most part. 8^)

	But, as I've said before, it's up to you.  Part of the joy of
linux, among other unices, is the fact that you can do one trivial task a
million different ways.  This is ONE thing that should never be changed.
	
. - -- -- -------__--__------------------__---.--  -    - -  -- ----- --- ----.
: ___ __ _____  / /_/ /  ___  __ _____  / /__ :   mailto:Lucas@wasteland.org  :
|(_-</ // / _ \/ __/ _ \/ _ \/ // / _ \/  '_/ |  If privacy is outlawed, only |
/___/\_, /_//_/\__/_//_/ .__/\_,_/_//_/_/\_\  :   outlaws will have privacy.  :
`---/___/-------------/_/---- ---- - http://www.tessier.com/People/synthpunk  |
`.mail: lucas@bill.gates.will.turn.the.internet.into.a.total.wasteland.org....'
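
The checks discussed in this thread (where UID 0's home directory lives, whether root's mail is aliased, which user files sit in root's home), as an added example that is not part of the original message. The function names and sample files are constructed for illustration; .newsrc and .ircrc are assumed additions to the files named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Functions take file paths so they can
# be pointed at copies of /etc/passwd, /proc/mounts and /etc/aliases.

# Home directory of every UID 0 entry in a passwd-format file.
uid0_homes() { awk -F: '$3 == 0 { print $6 }' "$1"; }

# Mount point holding directory $1, from a /proc/mounts-format file $2
# (the longest mount point that is a path prefix of the directory).
mount_for() {
    awk -v d="$1" '
        { m = $2; p = (m == "/") ? "/" : (m "/") }
        (d == m || index(d "/", p) == 1) && length(m) > length(best) { best = m }
        END { print best }' "$2"
}

# Succeed if an aliases-format file forwards root's mail somewhere.
root_aliased() { grep -Eq '^root:[[:space:]]*[^[:space:]#]' "$1"; }

# User-style files present in directory $1. Mail, .cshrc and .profile are the
# ones named in the thread; .newsrc and .ircrc are assumed additions.
user_files_in() {
    for f in .cshrc .profile Mail .newsrc .ircrc; do
        [ -e "$1/$f" ] && echo "$f"
    done
    return 0
}

# Audit: $1 passwd file, $2 mounts file, $3 aliases file. Returns 1 on findings.
audit_root() {
    rc=0
    for h in $(uid0_homes "$1"); do
        mp=$(mount_for "$h" "$2")
        if [ "$mp" != "/" ]; then
            echo "WARN: UID 0 home $h lives on $mp, not the root filesystem"
            rc=1
        fi
    done
    root_aliased "$3" || { echo "WARN: root's mail is not aliased"; rc=1; }
    return "$rc"
}

# Constructed sample input: /home is a separate partition and holds root's home.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'root:x:0:0:root:/home/root:/bin/sh\n' > "$demo/passwd"
printf '/dev/hda1 / ext2 rw 0 0\n/dev/hda3 /home ext2 rw 0 0\n' > "$demo/mounts"
printf 'postmaster: root\n' > "$demo/aliases"
audit_root "$demo/passwd" "$demo/mounts" "$demo/aliases" || true
```

On a live system the arguments would be /etc/passwd, /proc/mounts and /etc/aliases, with user_files_in run against each directory printed by uid0_homes.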

