[794] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Wed Jun 12 18:59:57 1996

Date: Tue, 11 Jun 1996 17:26:01 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: linux-security@tarsier.cv.nrao.edu, matt@microhertz.njit.edu

> > Why?  Does root's home directory really need to be / ?  It's really
> > annoying to have all those /Mail, /.cshrc, /.profile, /.exrc, /.history
> > (etc.) files and directories, ...

> i think this brings up another important security issue, perhaps not quite
> so linux-related, but relevant nonetheless.  why does root have Mail,
> .cshrc, .profile, etc. files?  ...
>						..  people *have* to
> remember that root is *not* a user account, and therefore should not have
> any user files.  root is a thing, not a person, a way of doing things that
> cannot be done any other way.  ...

Quite so.  Exactly.  However, I would say that ".profile", ".postfile",
and ".kshrc"-type files, or ".login", ".logout", and ".cshrc"-type files
for root can be used to enhance the security of the system, as long as
there is an explicit agreement NOT to muck with them once they're
properly set up.  They should remove "." from your $PATH (if your 'su'
doesn't do that already), and add directories where specifically
system-related commands are stored (e.g., /sbin, /usr/sbin).  They may
even regulate access, change umask, log access, and do other such
things.

>			    ...  root's mail should be aliased to the
> sysadmin.  root should never be in a mailer, a newsreader, or any other
> program it doesn't have to use to maintain the system.  this basically
> amounts to mv, cp, ln, ch[own,mod,grp] and a few others.

Yes!

> another, equally important issue, is the use of dotfiles.  root shouldn't
> have any.  *any.*  ...

Wow!  A person who's more dogmatic than I!  [;-)]  See my opinions
above.

> root also doesn't need to have personal filespace... remember the whole
> filesystem is his personal files space.  old .tar.gz files can be stored
> in /usr/local/src, etc etc...

Yes and no.  I quote, 
> remember that root is *not* a user account, and therefore should not have
> any user files.
The filesystem is NOT root's personal file space.  Root has no personal
files.  All of the files are either system files, files for a specific
application, or files for a specific user.  Which, I think, is what you
REALLY meant (if I may be so bold).

> and remember, root should not be too comfortable.   if you have to type
> /usr/local/sbin/my_strange_script all the time, you're less apt to run the
> wrong one by accident.  ...

I would not be quite so harsh.  Remember, personal comfort is part of
Maslow's hierarchy of needs (can't believe I'm quoting him now!): if
the lesser needs are taken care of, the person can better concentrate
on the more cerebrate needs, namely the task at hand.  (And I'm not one
for needless comforts - I did go to school at a Benedictine monastery.
 [;-)])

>		     ...  plus, the less time you spend as root, the better.

Yes!

Absolutely!

The whole point behind this entire thread!

> sounds horrible.  couldn't we all avoid this type of stuff by (1) keeping
> the root password out of the hands of morons, ...

Desirable, but not always feasible in the work arena.

>					   ..., and (2) putting the root of
> the filesystem where it ought to be.  
> on my linux boxen, i usually move root's home dir to / pretty early on.
> helps keep me out of bad habits, too.

I think that HERE is the basic confusion that a couple of people have
expressed.

The root of the file system is always "/".  That is not changeable.
Well, yes, you could call chroot().  Don't confuse me, I'm on a roll.
[;-)]

The home directory of the root account is ... well, wherever it's put.
It's not necessarily identical to the root of the file system, although
a good many Unix and Unix-like systems have traditionally placed it
there.  I have always left it wherever the installation program put it:
perhaps I have been being lazy.  Certainly, this sub-thread of the main
thread has presented arguments that to me are cogent and compelling for
putting it elsewhere than "/".

If you 'su' to "root", or (horrors!) go to the console and log in as
"root", and need to do something from the root of the file system, it's
easy enough to say "cd /".

Joe Yao				jsdy@cais.com - Joseph S. D. Yao
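
Added example, not part of the original message: a fragment for root's ".profile" that does what the message says such files should do (drop "." from $PATH, add /sbin and /usr/sbin, change umask, log access). The helper name clean_path, the umask value 077 and the logger tag are assumptions made for illustration.

```shell
# Fragment for root's ~/.profile (POSIX sh). Added example; clean_path is a
# hypothetical helper name and the umask value is an assumption.

# Print $1 with ".", empty and relative entries dropped and duplicates removed.
# An empty entry (leading ":" or "::") means the current directory, so it is
# just as dangerous as an explicit ".".
# The body runs in a subshell, so the IFS and "set -f" changes do not leak.
clean_path() (
    IFS=:
    set -f                          # no globbing while splitting on ":"
    _out=
    for _dir in $1; do
        case $_dir in
            /*) ;;                  # keep absolute directories only
            *)  continue ;;         # drops "", ".", "..", "bin", "./x"
        esac
        case ":$_out:" in
            *":$_dir:"*) continue ;;    # already listed
        esac
        _out=${_out:+$_out:}$_dir
    done
    printf '%s\n' "$_out"
)

# Apply only when the shell really is running as uid 0.
if [ "$(id -u)" -eq 0 ]; then
    # System directories first, then whatever survives from the inherited PATH.
    PATH=$(clean_path "/sbin:/usr/sbin:/bin:/usr/bin:$PATH")
    export PATH

    # Assumption: the message says only "change umask", not which value.
    umask 077

    # Log access, if logger(1) is present; never fail the login because of it.
    if command -v logger >/dev/null 2>&1; then
        logger -p auth.notice -t root-profile \
            "root shell started (LOGNAME=${LOGNAME:-unknown})" || :
    fi
fi
```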
