From owner-freebsd-security  Thu Jan 25 07:31:26 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA26595
          for security-outgoing; Thu, 25 Jan 1996 07:31:26 -0800 (PST)
Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id HAA26588
          for <security@freebsd.org>; Thu, 25 Jan 1996 07:31:22 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by passer.osg.gov.bc.ca (8.7.3/8.6.10) with SMTP id HAA16987; Thu, 25 Jan 1996 07:30:29 -0800 (PST)
From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
Message-Id: <199601251530.HAA16987@passer.osg.gov.bc.ca>
X-Authentication-Warning: passer.osg.gov.bc.ca: Host localhost [127.0.0.1] didn't use HELO protocol
Reply-to: cschuber@orca.gov.bc.ca
X-Mailer: DXmail
To: James Seng <jseng@stf.org.sg>
cc: Nathan Lawson     <nlawson@statler.csc.calpoly.edu>,
        Michael Smith  <msmith@atrad.adelaide.edu.au>, security@freebsd.org
Subject: Re: Ownership of files/tcp_wrappers port  
In-reply-to: Your message of "Thu, 25 Jan 96 10:16:55 +0800."
             <Pine.BSD/.3.91.960125100635.22383A-100000@fire.stf.org.sg> 
Date: Thu, 25 Jan 96 07:30:29 -0800
X-Mts: smtp
Sender: owner-security@freebsd.org
Precedence: bulk

James Seng <jseng@stf.org.sg> wrote:
> On Wed, 24 Jan 1996, Nathan Lawson wrote:
> > Pardon me.  I was thinking of the many other nologin accounts that had a
> > null shell (meaning /bin/sh by default).
> 
> Actually, even if bin has /nonexistant as a shell in passwd, it can 
> still be login in various ways (rsh -l bin <machine> /bin/sh -i). In either 
> case, one more account, one more trouble..but somehow, i still prefer BSD 
> ways of letting bin own the binaries and not root like Linux..dunno why *8)
> Perhaps i think root have too much power? It seem like none or all solution. 
> In this aspect VMS is better i guess.

The reason bin exists in the first place is that when doing system maintenance 
you su to bin, do your maintenance, and exit.  This protects the sysadmin from 
access to too much preventing the obvious fat finger type of mistakes.  The 
protection bin is supposed to give the sysadmin is that access to user and 
critical system files is limited thereby limiting any potential damage done 
during system maintenance.  I don't know of anyone who follows this discipline 
nor do I know of any vendor who promotes it either.

Other than attempting to promote a management discipline, the ownership by bin 
of binaries on a local filesystem has little relevance, while on filesystems 
exported with write privileges it has more relevance.


Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
BC Systems Corp.            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."