[787] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Synthesizer Punk)
Wed Jun 12 18:59:42 1996
Date: Wed, 12 Jun 1996 00:19:28 -0400 (EDT)
From: Synthesizer Punk <Lucas@wasteland.org>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606110134.VAA10280@microhertz.njit.edu>
On Mon, 10 Jun 1996, Matthew J. Hill wrote:
> i think this brings up another important security issue, perhaps not quite
> so linux-related, but relevant nonetheless. why does root have Mail,
> .cshrc, .profile, etc. files? there is no reason for this. in fact, i
> think it can be a *big* detriment in some cases. people *have* to
> remember that root is *not* a user account, and therefore should not have
> any user files. root is a thing, not a person, a way of doing things that
> cannot be done any other way. root's mail should be aliased to the
> sysadmin. root should never be in a mailer, a newsreader, or any other
> program it doesn't have to use to maintain the system. this basically
> amounts to mv, cp, ln, ch[own,mod,grp] and a few others.
I'm just a lurker, but a topic of my interest has risen, so I
proceed to interject...
The root account is nothing but an administration tool. Whoever
it was in the above quote (in my haste to prepare my mail, I didn't take
heed to who it was, but credit for the sensible knowledge is due) has the
right idea. I oftentimes see people using IRC from root, which truly
disgusts me. Why compromise security like that? Do not read mail from
root, don't do user-things as root, and please dear god don't IRC as root.
All of those previous mentioned could make you a sitting target for a wily
cracker or a conniving prank. The root account is for doing things that
regular users shouldn't be able to, a hidden command to create/destroy
things. Do as you wish, but you only compromise security.
I don't suggest putting root under /home on large or multi
partitioned systems, especially ones that partition /home. If /home/root
is UID 0's home dir, what would you do if /home wasn't mountable if you
gave the 3 finger salute? Not login, for the most part. 8^)
But, as I've said before, it's up to you. Part of the joy of
linux, among other unices is the fact that you can do one trivial task a
million different ways. This is ONE thing that should never be changed.
. - -- -- -------__--__------------------__---.-- - - - -- ----- --- ----.
: ___ __ _____ / /_/ / ___ __ _____ / /__ : mailto:Lucas@wasteland.org :
|(_-</ // / _ \/ __/ _ \/ _ \/ // / _ \/ '_/ | If privacy is outlawed, only |
/___/\_, /_//_/\__/_//_/ .__/\_,_/_//_/_/\_\ : outlaws will have privacy. :
`---/___/-------------/_/---- ---- - http://www.tessier.com/People/synthpunk |
`.mail: lucas@bill.gates.will.turn.the.internet.into.a.total.wasteland.org....'
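
An added example, not part of the original message: a small audit of the two configuration points raised in this thread, namely that UID 0's home directory should not sit on a separately mounted filesystem such as /home, and that root's mail should be aliased to the sysadmin. The passwd, fstab and aliases contents are constructed samples, and the function names are hypothetical.

```python
import os.path

# Constructed sample files (assumptions for illustration, not from the post).
PASSWD = """root:x:0:0:root:/home/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/sh
lucas:x:1000:1000::/home/lucas:/bin/bash
"""
FSTAB = """# device   mountpoint type options dump pass
/dev/sda1 /     ext2 defaults 1 1
/dev/sda2 /home ext2 defaults 1 2
/dev/sda3 none  swap sw       0 0
"""
ALIASES = """postmaster: root
# root: lucas   (commented out, so root's mail stays in root's mailbox)
"""

def mount_points(fstab):
    """Mount points named in fstab text, skipping comments and swap entries."""
    points = []
    for line in fstab.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].startswith("/"):
            points.append(fields[1].rstrip("/") or "/")
    return points

def owning_mount(path, points):
    """Longest mount point that equals path or is an ancestor directory of it."""
    path, best = os.path.normpath(path), "/"
    for mp in points:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def uid0_homes_off_root(passwd, fstab):
    """(login, home, mount) for every UID 0 account whose home is not on '/'."""
    points, findings = mount_points(fstab), []
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[2] == "0" and owning_mount(f[5], points) != "/":
            findings.append((f[0], f[5], owning_mount(f[5], points)))
    return findings

def root_alias(aliases):
    """Target of the 'root' mail alias, or None when root's mail is not redirected."""
    for line in aliases.splitlines():
        name, sep, target = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == "root" and target.strip():
            return target.strip()
    return None
```

On a live system the same functions can be fed the contents of /etc/passwd, /etc/fstab and the mailer's aliases file.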