Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Tomasz Surmacz)
Wed Jun 12 19:01:37 1996
From: Tomasz Surmacz <ts@papaja.wroc.apk.net>
To: linux-security@tarsier.cv.nrao.edu
Date: Wed, 12 Jun 1996 02:21:30 +0200 (MET DST)
In-Reply-To: <199606110134.VAA10280@microhertz.njit.edu> from "Matthew J. Hill" at Jun 10, 96 09:34:57 pm
[Mod: This is starting to get "what if"'d to death. IMHO, it's time to
wind this thread down; everyone has their own approaches, and will tend
to stick with the one that's most comfortable/usable.... --Jeff.]
matt@microhertz.njit.edu (Matthew J. Hill) quoted me:
>
> > Why? Does root's home directory really need to be / ? It's really
> > annoying to have all those /Mail, /.cshrc, /.profile, /.exrc, /.history
...
> i think this brings up another important security issue, perhaps not quite
> so linux-related, but relevant nonetheless. why does root have Mail,
> .cshrc, .profile, etc. files? there is no reason for this. in fact, i
Well... there are some.
- Sometimes, you REALLY have to do something as root. Having
some 'nice' environment helping you avoid mistyping some
/too/lengthy/paths/to/be/remembered/correctly is not a bad idea.
- I have seen systems that put '.' in the path of EVERY user (including
root) by default, with no way to change it by some system-wide config
file. The only way to prevent root from having '.' in path is then
initializing path in .cshrc or .profile (Well.. I know root's shell
should be /sbin/sh, but I usually also have another root account
(say 'rootts') which is a bit more customized to make doing regular
administration tasks easier - having a single home for all root accounts
simplifies taking care of security)
- Setting prompt to explicitly tell you the machine name, the directory
and that you have the root power, also prevents many mistakes (like
deleting the right file in the right place, but on the wrong machine).
- When you have cow-orkers having root privileges too, it is also a good
idea to have a .history or .bash_history file which can tell you what
has been done recently (not a big win, but can help anyway).
> another, equally important issue, is the use of dotfiles. root shouldn't
> have any. *any.* since root's shell should be /bin/sh, .cshrc does you
> no good. and .profile can only muck things up... having anything other
> than /usr/bin:/usr/sbin in your path can be a security hole, root
What about /usr/local/sbin (if you start putting some nonstandard
sysadm-oriented files there) and /sbin? What about the .ssh directory?
What if your machine runs constantly xdm on the console and you cannot
login as root in the 'text mode' but only in X11 session?
> shouldn't have aliases, environment variables can be set by hand after you
> log in. fancy prompts and "alias rm='rm -i'" can only muck things up,
> especially if multiple users share the root account.
I agree with you about this 'alias rm' example, but there are others that
are really useful and cannot do any harm. Like 'alias mc mv' to prevent
you from running midnight commander when you mistype 'mv'. And typing
'alias ll ls -al' every time I do a 'su' does not seem very convenient
to me... Also - one of my favourite ways to move around the filesystem
is to have a set of:
set uucp=/usr/spool/uucp
set uucfg=/usr/local/lib/uucp/config
...
statements and then using 'cd $uucp' to jump there. The less you type, the
less you can mistype... having a reasonable set of aliases, variables
and paths can only prevent you from doing something bad. (and I really
like to have 'setenv TAPE /dev/rmt/0n' on Solaris in order NOT to rewind
the tape and overwrite the last backup, when I mistakenly forget to put
the right device name to 'mt' or 'tar'...)
> root also doesn't need to have personal filespace... remember the whole
> filesystem is his personal files space. old .tar.gz files can be stored
> in /usr/local/src, etc etc...
Generally - yes, but then - I also have some scripts (like adding a
new user, cleaning some old unnecessary logs, backing up the system,
etc.), which really do not need to be seen by other users, so they end
up in ~root/bin.
> and remember, root should not be too comfortable. if you have to type
> /usr/local/sbin/my_strange_script all the time, you're less apt to run the
> wrong one by accident. plus, the less time you spend as root, the better.
But you are more prone to end up typing it twice or even more times,
if you don't get the right path the first time.
> > [1] BTW. I once had to clean the mess after the wanna-be system
> > administrator, who after discovering that root's home was /root (on a
...
> sounds horrible. couldn't we all avoid this type of stuff by (1) keeping
> the root password out of the hands of morons, and (2) putting the root of
> the filesystem where it ought to be.
Well, he was supposed to learn more before doing things like that, but (1)
- it was his system, not mine, (2) - people like this one will always find
another way to 'rm -rf /tmp/.*' or something like this. (BTW. How can
you put 'the root of the file system' somewhere other than '/'? ;-) )
> on my linux boxen, i usually move root's home dir to / pretty early on.
> helps keep me out of bad habits, too.
Well.. I would say that there are pros and cons for both approaches
and I would stick to what I am already used to :-)
Tomasz
--
_________
(_ _' __) Tomasz R. Surmacz *---* Work:(071)202636, tsurmacz@ict.pwr.wroc.pl
| (__ \ http://www.ict.pwr.wroc.pl/~tsurmacz/ *----* Home: ts@wroc.apk.net
|__(____/ For PGP key finger tsurmacz@asic.ict.pwr.wroc.pl *---* irc: TomekS
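One point both sides of the thread above touch on is that root's PATH must never search the current directory, and that a root prompt should show the host, the directory and the '#' marker. The following POSIX sh fragment is an added example, not code from the thread or from either poster: it provides a check and a fix for the '.' (or empty, or relative) PATH entries Tomasz mentions, and a `harden_root_env` function that one could call from root's .profile. The function names and the prompt format are this example's own assumptions.

```shell
# Added example: defensive root-shell environment in POSIX sh.
# None of this is from the original message; names are assumptions.

# sanitize_path PATHSTRING -> prints PATHSTRING with '.', '', '..' and any
# other relative entry removed. Each of those makes the shell search the
# current directory for commands, which is the risk discussed in the thread.
sanitize_path() {
    _out=
    _rest="$1:"                        # trailing ':' so the last entry is seen
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}            # text before the first ':'
        _rest=${_rest#*:}              # everything after it
        case "$_entry" in
            /*) ;;                     # absolute directory: keep
            *)  continue ;;            # '', '.', '..', 'bin', './x' ...: drop
        esac
        if [ -z "$_out" ]; then
            _out=$_entry
        else
            _out="$_out:$_entry"
        fi
    done
    printf '%s\n' "$_out"
}

# path_has_dot PATHSTRING -> exit status 0 if the PATH would search the
# current directory (empty entry, '.', '..' or a './'-style entry), else 1.
# Useful as an audit check in a login script or a periodic cron job.
path_has_dot() {
    case ":$1:" in
        *::*|*:.:*|*:..:*|*:./*|*:../*) return 0 ;;
    esac
    return 1
}

# harden_root_env -> applies the fix to the running shell and sets a prompt
# that names the machine, the directory and the root '#' marker, so the
# "right file, right place, wrong machine" mistake is visible before Enter.
harden_root_env() {
    PATH=$(sanitize_path "$PATH")
    export PATH
    # $PWD is expanded by bash and dash each time the prompt is printed.
    PS1="$(uname -n):"'$PWD# '
    export PS1
}

# In root's .profile one would simply call:
#   harden_root_env
```

Because `sanitize_path` rebuilds the variable from its absolute entries only, a system-wide profile that prepends '.' for every user (the case Tomasz describes) is undone at login without editing that system file; `path_has_dot` is the corresponding detection, usable on any PATH string, not just the live one.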