From owner-freebsd-arch@FreeBSD.ORG Fri Mar 30 15:16:23 2012 Return-Path: Delivered-To: arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6F529106567C for ; Fri, 30 Mar 2012 15:16:23 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from tower.berklix.org (tower.berklix.org [83.236.223.114]) by mx1.freebsd.org (Postfix) with ESMTP id D13628FC1F for ; Fri, 30 Mar 2012 15:16:22 +0000 (UTC) Received: from mart.js.berklix.net (pD9FBF32C.dip.t-dialin.net [217.251.243.44]) (authenticated bits=0) by tower.berklix.org (8.14.2/8.14.2) with ESMTP id q2UFGJt4040496 for ; Fri, 30 Mar 2012 15:16:20 GMT (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id q2UFG9xI026729 for ; Fri, 30 Mar 2012 17:16:09 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.4/8.14.4) with ESMTP id q2UFG3ee013758 for ; Fri, 30 Mar 2012 17:16:09 +0200 (CEST) (envelope-from jhs@fire.js.berklix.net) Message-Id: <201203301516.q2UFG3ee013758@fire.js.berklix.net> To: arch@freebsd.org From: "Julian H. Stacey" Organization: http://berklix.com BSD Linux Unix Consultancy, Munich Germany User-agent: EXMH on FreeBSD http://www.berklix.com/free/ X-URL: http://www.berklix.com/~jhs/cv/ Date: Fri, 30 Mar 2012 17:16:03 +0200 Sender: jhs@berklix.com Cc: Subject: Should standard binaries & directories revert from uid=root to bin ? X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2012 15:16:23 -0000 Hi arch@ Time was, (& I can go back over 25 years here, but more recently too :-) When standard Unix non SUID executables such as wc would be UID=bin, GID=bin, & not root. Ditto bin/ & lib/ etc directories. One advantage was: Anything that showed up with ls -l as UID=0 was either a SUID special, known to the admin's eye, or some administrative dropping, mistakenly created by someone logged in as root, to be reviewed/ regenerated/ deleted. Now all is UID=0. Why ? What advantage did it bring ? Obviously some SUID & SGID executables need 0 (some could need just bin!) but most files & directories do not need UID 0. BTW, How I noticed this : I was tracing why /usr/sbin/sshd -d -d -d -D was erroring: debug3: secure_filename: checking '/.amd_mnt/sshd_host/ad4s1/usr1/home' Authentication refused: bad ownership or modes for directory /.amd_mnt/sshd_host/ad4s1/usr1/home just because my ~/.ssh was symbolicaly linked via AMD+NFS mounted on another host, & there an intermediate directory was owned by bin & not root, ls -la /host/sshd_host/ad4s1/usr1/home drwxr-xr-x 18 bin bin 512 Mar 6 11:56 ./ so I had to chown root:wheel /ad4s1/usr1/home Just to satisfy sshd being pointlessly strict, as directory was 755. So we have sshd that's pointlessly strict, & ownerships that seem to have near all lost their precision. A funny combo ;-) Might others tackle the generic over use of root ? If so I could create a patch to send-pr ssh ? (but as ssh is an import, maybe just report & not [yet?] patch ?) Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, & indent with "> ". Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/