Date:      Thu, 25 Jan 96 07:30:29 -0800
From:      Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
To:        James Seng <jseng@stf.org.sg>
Cc:        Nathan Lawson     <nlawson@statler.csc.calpoly.edu>, Michael Smith  <msmith@atrad.adelaide.edu.au>, security@freebsd.org
Subject:   Re: Ownership of files/tcp_wrappers port  
Message-ID:  <199601251530.HAA16987@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Thu, 25 Jan 96 10:16:55 +0800." <Pine.BSD/.3.91.960125100635.22383A-100000@fire.stf.org.sg>

James Seng <jseng@stf.org.sg> wrote:
> On Wed, 24 Jan 1996, Nathan Lawson wrote:
> > Pardon me.  I was thinking of the many other nologin accounts that had a
> > null shell (meaning /bin/sh by default).
> 
> Actually, even if bin has /nonexistant as a shell in passwd, it can 
> still be logged in to in various ways (rsh -l bin <machine> /bin/sh -i). In either 
> case, one more account, one more trouble..but somehow, I still prefer the BSD 
> way of letting bin own the binaries and not root like Linux..dunno why *8)
> Perhaps I think root has too much power? It seems like a none or all solution. 
> In this aspect VMS is better i guess.

The reason bin exists in the first place is that when doing system maintenance 
you su to bin, do your maintenance, and exit.  This protects the sysadmin from 
access to too much, preventing the obvious fat-finger type of mistakes.  The 
protection bin is supposed to give the sysadmin is that access to user and 
critical system files is limited, thereby limiting any potential damage done 
during system maintenance.  I don't know of anyone who follows this discipline, 
nor do I know of any vendor who promotes it either.

Other than attempting to promote a management discipline, the ownership by bin 
of binaries on a local filesystem has little relevance, while on filesystems 
exported with write privileges it has more relevance.


Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
BC Systems Corp.            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."



