From: Claude Buisson
Date: Fri, 22 Jun 2012 23:42:32 +0200
To: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership
Message-ID: <4FE4E6C8.2030300@orange.fr>
In-Reply-To: <4FE4BABA.2020802@gmx.de>

On 06/22/2012 20:34, olli hauer wrote:
> On 2012-06-22 15:43, Julian H. Stacey wrote:
>> Hi freebsd-security@freebsd.org
>> On an 8.3-RELEASE running sshd, /var/log/auth.log
>> Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
>> bad ownership or modes for directory /
>> Until I did
>> chown 0:0 /
>> ( It was previously
>> drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
>> )
>> The chown is consistent with all of 8.3 /bin also being root & not bin,
>>
>> BUT
>>
>> Over use of Root seems Bad.
>> Our ownership scheme has degraded compared to early 1980s Unix, where
>> most bin & lib files & dirs were owned by bin, except for
>> - a few SUID bins that Needed root
>> - occasional administrator droppings,
>>   temporary accidental files that glared at the eyeball,
>>   as root, cos near all else was just bin.
>>
>> IMO very little in a system should be user root.
>>
>> Apologies, but to guide replies :
>> (after threads burnt by a troll on another list)
>> I'd not appreciate replies just along the lines of
>> "It has to be to satisfy existing software".
>> I'd much rather receive replies along lines of
>> "What would be best ownership scheme, advantages &
>> disadvantages + should we change anything ?"
>>
>
>
>
> Hm, I just found an old Dennis_v5 release from 1974 and / was set to 0:3 which is today root:sys and not to 2:2
>
> If you look hard enough you can find the v5root.tar.gz from 1974 on unixarchive.cn-k dot de or some other mirrors ;)
>
>

cvsweb.cgi/src/etc/mtree/BSD.root.dist?only_with_tag=MAIN

Revision 1.29: download - view: text, markup, annotated - select for diffs
Mon Sep 14 08:34:45 1998 UTC (13 years, 9 months ago) by obrien
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +6 -6 lines

Change file ownership from bin.bin to root.wheel.

This is the start of it for FreeBSD, going from 2.2.X to 3.X

> --
> Regards,
> olli

You are welcome,

Claude Buisson
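An added example, not part of the thread and not OpenSSH's code: a Python audit that applies the rule behind the quoted auth.log message, on the assumption that a path component passes only when it is owned by root or the login user and is not group- or world-writable. It walks every component up to /, and the uids, the paths and the `sample_tree` helper are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the constructed tree runs offline.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")


def audit_path(path, uid, stat_fn=os.stat):
    """Walk from `path` up to "/" and return (component, reason) findings.

    A component fails when its owner is neither root (uid 0) nor `uid`,
    or when it is writable by group or other (mode & 0o022).
    """
    findings = []
    current = os.path.normpath(path)
    while True:
        st = stat_fn(current)
        reasons = []
        if st.st_uid not in (0, uid):
            reasons.append("owner uid %d is neither root nor uid %d"
                           % (st.st_uid, uid))
        if st.st_mode & 0o022:
            reasons.append("mode %04o is group/world writable"
                           % stat.S_IMODE(st.st_mode))
        if reasons:
            findings.append((current, "; ".join(reasons)))
        parent = os.path.dirname(current)
        if parent == current:  # dirname("/") == "/": top reached
            break
        current = parent
    return findings


BIN_UID, USER_UID = 3, 1001  # constructed uids standing in for bin and a user


def sample_tree(root_uid):
    """Constructed tree; `root_uid` is the owner of "/" (hypothetical helper)."""
    tree = {
        "/": FakeStat(root_uid, stat.S_IFDIR | 0o755),
        "/home": FakeStat(0, stat.S_IFDIR | 0o755),
        "/home/user": FakeStat(USER_UID, stat.S_IFDIR | 0o755),
        "/home/user/.ssh": FakeStat(USER_UID, stat.S_IFDIR | 0o700),
        "/home/user/.ssh/authorized_keys": FakeStat(USER_UID, stat.S_IFREG | 0o600),
    }
    return tree.__getitem__


if __name__ == "__main__":
    for root_uid in (BIN_UID, 0):  # before and after `chown 0:0 /`
        print(root_uid, audit_path("/home/user/.ssh/authorized_keys",
                                   USER_UID, sample_tree(root_uid)))
```

Called without `stat_fn`, `audit_path` uses `os.stat` and audits the live filesystem for the given uid.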