From owner-freebsd-hackers  Sun Jul 20 17:08:13 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id RAA09304
          for hackers-outgoing; Sun, 20 Jul 1997 17:08:13 -0700 (PDT)
Received: from verdi.nethelp.no (verdi.nethelp.no [195.1.171.130])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id RAA09299
          for <hackers@FreeBSD.ORG>; Sun, 20 Jul 1997 17:08:09 -0700 (PDT)
From: sthaug@nethelp.no
Received: (qmail 24272 invoked by uid 1001); 21 Jul 1997 00:08:03 +0000 (GMT)
To: terry@lambert.org
Cc: andreas@klemm.gtn.com, hackers@FreeBSD.ORG
Subject: Re: sendmail complains about being unable to write his pid file
In-Reply-To: Your message of "Sun, 20 Jul 1997 16:13:59 -0700 (MST)"
References: <199707202313.QAA09972@phaeton.artisoft.com>
X-Mailer: Mew version 1.05+ on Emacs 19.28.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Mon, 21 Jul 1997 02:08:03 +0200
Message-ID: <24270.869443683@verdi.nethelp.no>
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > Yes, but the question stands - why is it setup this way? What is gained
> > by having binaries (and important directories) owned by bin instead of
> > root?
> 
> The ability to update machines remotely via NFS, which proxies root
> as "nobody" in most sane configurations.

Certainly - for a corresponding decrease in security. I'd like to have
the tighter security be the default. Or at least have it as an option
when installing.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no