From owner-freebsd-questions  Thu Feb  3  9: 5:22 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by builder.freebsd.org (Postfix) with ESMTP id 5537D3FEA
	for <freebsd-questions@FreeBSD.ORG>; Thu,  3 Feb 2000 09:05:19 -0800 (PST)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.9.3/8.9.3) id JAA19203;
	Thu, 3 Feb 2000 09:29:44 -0800 (PST)
Date: Thu, 3 Feb 2000 09:29:44 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: security for non-root sysadmins
Message-ID: <20000203092944.L25520@fw.wintelcom.net>
References: <Pine.BSF.4.21.0002031540210.14099-100000@dogma.freebsd-uk.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <Pine.BSF.4.21.0002031540210.14099-100000@dogma.freebsd-uk.eu.org>; from jcm@dogma.freebsd-uk.eu.org on Thu, Feb 03, 2000 at 03:56:32PM +0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org> [000203 08:23] wrote:
> 
> Okay, one thing i have learned here is to use a user account for as
> much admin as possible.  I use su to do the rest.  I also read
> somewhere that if i change the permissions on /usr/ports/distfiles and
> one other directory (work?) i can make ports without being root.  What
> directory is that?  Are there any other changes like these i can make
> that will mean spending less time as root for admin tasks, like
> building work or kernel?  Is there a security risk in changing these
> directory permissions to less strict settings?

Yes, if you are too lax on your permissions all one needs to do is
modify a file within your source/ports tree to have a trojan'd program
installed when you do "make install/installworld"

-Alfred


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message