bin owns stuff (was: Installing 4.3-Tahoe on a VAX)

Doug Gwyn gwyn at smoke.ARPA
Wed Sep 14 19:30:26 AEST 1988


In article <21879 at sgi.SGI.COM> vjs at rhyolite.SGI.COM (Vernon Schryver) writes:
>In article <8481 at smoke.ARPA>, gwyn at smoke.ARPA (Doug Gwyn ) writes:
>> The basic idea is to avoid forcing the system administrator to act under
>> UID 0 unless absolutely necessary.  Files owned by "bin" can be updated
>> by "bin" rather than "root".
>Should anyone besides root be allowed to 'update' sh or crontab?

Sure.  I own the BRL Bourne shell on our systems, and crontab is
often writable to system administrators.

>Is there some <<risk>> with root owning things?

If you read carefully you will see that that's not what I said.
The risk lies in ACTING UNDER UID 0.  All sorts of security
problems can be opened up inadvertently and in many cases may
remain undetected, since all permission checks are disabled for
UID 0.  A well set-up UNIX system should reserve UID 0 for set-
UID programs, and only a few, carefully verified ones at that.
If you find yourself "going su" to do routine things, you
should give some thought to other ways of doing what is
necessary.  For example, BRL has long had a "priv" utility that
runs set-UID 0 and gives appropriate privileges to specific
executables when run by specific IDs.  The idea is to limit
the scope of UID 0 power in order to minimize damage.



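The decision a "priv"-style set-UID wrapper has to make before it hands out any privilege, sketched as an added example that is not part of the original post and is not BRL's priv. The policy table, UIDs, paths and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed policy: which real UID may run which executable with
 * privilege. UIDs and paths are illustrative, not from a real system. */
struct rule { uid_t uid; const char *path; };
static const struct rule policy[] = {
    { 1001, "/usr/sbin/dump" },
    { 1001, "/etc/mount" },
    { 1002, "/usr/lib/lpd" },
};

/* Accept only absolute paths with no empty, "." or ".." component,
 * so the string checked is the string that would be executed. */
static int path_is_canonical(const char *p)
{
    if (p == NULL || p[0] != '/' || p[1] == '\0')
        return 0;
    while (*p) {
        const char *seg = ++p;              /* step past the '/' */
        size_t n = strcspn(seg, "/");
        if (n == 0 || (n == 1 && seg[0] == '.') ||
            (n == 2 && seg[0] == '.' && seg[1] == '.'))
            return 0;
        p = seg + n;
    }
    return 1;
}

/* Default deny: privilege only on an exact (real UID, path) match. */
int priv_allowed(uid_t real_uid, const char *path)
{
    size_t i;
    if (!path_is_canonical(path))
        return 0;
    for (i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].uid == real_uid && strcmp(policy[i].path, path) == 0)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s /abs/path\n", argv[0]); return 2; }
    /* Decide on the REAL uid; the effective uid is 0 in a set-UID wrapper. */
    int ok = priv_allowed(getuid(), argv[1]);
    printf("%s: %s\n", argv[1], ok ? "would run with privilege" : "denied");
    return ok ? 0 : 1;
}
```

A real wrapper would follow an allowed decision with an exec of the listed path under a minimal, fixed environment; this sketch stops at the decision.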