From: olli hauer
Date: Fri, 22 Jun 2012 20:34:34 +0200
To: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership
Message-ID: <4FE4BABA.2020802@gmx.de>

On 2012-06-22 15:43, Julian H. Stacey wrote:
> Hi freebsd-security@freebsd.org
> On an 8.3-RELEASE running sshd, /var/log/auth.log
>     Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
>         bad ownership or modes for directory /
> Until I did
>     chown 0:0 /
> ( It was previously
>     drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
> )
> The chown is consistent with all of 8.3 /bin also being root & not bin,
>
> BUT
>
> Over use of Root seems Bad.
> Our ownership scheme has degraded compared to early 1980s Unix, where
> most bin & lib files & dirs were owned by bin, except for
>   - a few SUID bins that Needed root
>   - occasional administrator droppings,
>     temporary accidental files that glared at the eyeball,
>     as root, cos near all else was just bin.
>
> IMO very little in a system should be user root.
>
> Apologies, but to guide replies :
> (after threads burnt by a troll on another list)
> I'd not appreciate replies just along the lines of
>     "It has to be to satisfy existing software".
> I'd much rather receive replies along lines of
>     "What would be best ownership scheme, advantages &
>      disadvantages + should we change anything ?"
>

Hm, I just found an old Dennis_v5 release from 1974 and / was set to 0:3
which is today root:sys and not to 2:2.

If you look hard enough you can find the v5root.tar.gz from 1974 on
unixarchive.cn-k dot de or some other mirrors ;)

--
Regards,
olli
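
Added example, not part of the original message and not OpenSSH's code: a simplified Python model of the kind of check behind the quoted auth.log line, in which every path component from a key file up to / must be owned by root or the login user and must not be group- or world-writable. The helper name `insecure_components`, the /home/alice path and the uids are constructed for illustration, and this version always walks all the way up to /.

```python
import os
import stat
from collections import namedtuple

# Minimal stat record so the check can run on constructed data, offline.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")


def insecure_components(path, uid, stat_fn=os.stat):
    """Walk from path up to "/" and return (component, reason) pairs for each
    component not owned by root or uid, or writable by group/other."""
    findings = []
    current = os.path.abspath(path)
    while True:
        try:
            st = stat_fn(current)
        except OSError as exc:
            findings.append((current, "stat failed: %s" % exc.strerror))
        else:
            if st.st_uid not in (0, uid):
                findings.append((current, "owner uid %d" % st.st_uid))
            if st.st_mode & 0o022:
                mode = stat.S_IMODE(st.st_mode)
                findings.append((current, "mode %04o is group/other writable" % mode))
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            return findings
        current = parent


def constructed_tree(root_dir_uid):
    """Constructed sample: a key file under /home/alice (uid 1001), with the
    owner of "/" as the only variable."""
    table = {
        "/": FakeStat(root_dir_uid, 0o040755),
        "/home": FakeStat(0, 0o040755),
        "/home/alice": FakeStat(1001, 0o040755),
        "/home/alice/.ssh": FakeStat(1001, 0o040700),
        "/home/alice/.ssh/authorized_keys": FakeStat(1001, 0o100600),
    }

    def stat_fn(p):
        if p not in table:
            raise FileNotFoundError(2, "No such file or directory", p)
        return table[p]
    return stat_fn


if __name__ == "__main__":
    key_file = "/home/alice/.ssh/authorized_keys"
    # Constructed uid 2 stands in for "bin" owning "/", as in the quoted listing.
    print(insecure_components(key_file, 1001, constructed_tree(2)))
    # After "chown 0:0 /" the same walk reports nothing.
    print(insecure_components(key_file, 1001, constructed_tree(0)))
```

Called with the default `stat_fn`, the same function audits a real path on the local system.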