[792] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (John Henders)
Wed Jun 12 18:59:46 1996

To: matt@microhertz.njit.edu (Matthew J. Hill)
Date: Tue, 11 Jun 1996 14:28:47 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606110134.VAA10280@microhertz.njit.edu> from "Matthew J. Hill" at "Jun 10, 96 09:34:57 pm"
From: John Henders <jhenders@stdismas.bogon.com>

Matthew J. Hill writes:

> i think this brings up another important security issue, perhaps not quite
> so linux-related, but relevant nonetheless.  why does root have Mail,
> .cshrc, .profile, etc. files?  there is no reason for this.  in fact, i
> think it can be a *big* detriment in some cases.  people *have* to
> remember that root is *not* a user account, and there fore should not have
> any user files.  root is a thing, not a person,

Having been a system administrator for a moderate sized ISP for a few
years now, I'd have to say that while this may be true for your reality,
it certainly isn't for mine. Testing a user's mailbox with elm, a common
thing to do in my job, creates a Mail directory for you, unless you want
to constantly be asked by elm every time it runs if it should create
one. I'd rather have that stuck in a directory rather than cluttering up
my root directory.

>.....  root
> shouldn't have aliases, environment variables can be set by hand after you
> log in.  fancy prompts and "alias rm='rm -i'" can only muck things up,
> espically if multiple users share the root account.
>

Fancy prompts can serve as a visual reminder that you are root. It's
also a lot less likely you'll make the previously quoted mistake of a
deletion in the wrong directory if you have the $CWD in your prompt.
And, if you are used to a customized environment in your user account,
not carrying those aliases into your root shell can lead to errors as
well. Of course I've met people who therefore never customise their
normal environment either, but as far as I can see, that just means they
can't take advantage of a lot of the power using unix gives you.

-- 
      Artificial Intelligence stands no chance against Natural Stupidity.
                GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
                     b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*

home help back first fref pref prev next nref lref last post