From owner-freebsd-questions Tue Jul 2 18:33:41 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA23361 for questions-outgoing; Tue, 2 Jul 1996 18:33:41 -0700 (PDT)
Received: from ime.net (ime.net [204.97.248.4]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA23347 for ; Tue, 2 Jul 1996 18:33:37 -0700 (PDT)
Received: from kimiko.tcguy.net (buxton-6.ime.net [206.231.148.135]) by ime.net (8.7.4/8.6.12) with SMTP id VAA14514; Tue, 2 Jul 1996 21:32:02 -0400 (EDT)
Message-ID: <31D9CDBA.1E3C@ime.net>
Date: Tue, 02 Jul 1996 21:32:43 -0400
From: Gary Chrysler
Reply-To: tcg@ime.net
Organization: The Computer Guy
X-Mailer: Mozilla 3.0b4Gold (Win95; I)
MIME-Version: 1.0
To: James Raynard
CC: jimd@mistery.mcafee.com, dwhite@resnet.uoregon.edu, questions@freebsd.org
Subject: Re: src tree owners
References: <199607022008.UAA00658@jraynard.demon.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

James Raynard wrote:
>
> > > > On Unix, the `proper` way is for configuration files to be owned by
> > > > root - it's not a good idea to allow just anybody to change them!
> > >
> > > I Agree! My question was/is about the Source tree!
>
> I originally wrote "critical files such as source code or
> configuration files", then changed my mind and deleted the wrong bit.
> Sorry about that :-(
>
> > You might consider simply adding yourself to the 'bin' group
>
> Yep, just edit /etc/group.
>
> > (and setting the SGID bit on the directories). The default
>
> Actually, there's no need to set the SGID bit on the directories, as
> BSD systems automatically pass the group ownership on to any new
> sub-directories created in the current directory - see mkdir(2).
>
> > configuration seems to leave the sources g+w and owned by
> > root.bin.
>
> Something that just occurred to me - doesn't some network backup
> software require a .rhosts file for the user "bin"? If so, doesn't
> this leave the system source code potentially vulnerable?
>
> > In a multi-user environment you should consider installing
> > tripwire and being particularly careful to monitor it for
> > source tree changes. Anyone who can get a simple change into
> > any source file -- and get 'root' to build it can effectively
> > take control of the entire system. (This is true of the system
> > binaries as well -- but more insidious).
>
> Very true.

I'm soaking up the knowledge and enjoying it.. :)
Thanks.

-Enjoy
Gary
~~~~~~~~~~~~~~~~
Improve America's Knowledge... Share yours
The Borg... Where minds meet
(207) 929-3848
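
The tripwire-style monitoring suggested in the thread, as an added example that is not part of the original message: it records a hash, mode and ownership baseline for a source tree, lists the entries that are group-writable, and reports what changed since the baseline. The function names and the one-file tree built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each path under root to (sha256 or None, mode, uid, gid)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            digest = None
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap


def compare(baseline, current):
    """Return sorted (added, removed, changed) path lists."""
    old, new = set(baseline), set(current)
    changed = [p for p in old & new if baseline[p] != current[p]]
    return sorted(new - old), sorted(old - new), sorted(changed)


def group_writable(snap):
    """Paths that any member of the owning group can modify (g+w)."""
    return sorted(p for p, entry in snap.items() if entry[1] & stat.S_IWGRP)


def demo():
    """Constructed tree: record a baseline, simulate an edit, report."""
    with tempfile.TemporaryDirectory() as root:
        login = os.path.join(root, "login.c")
        with open(login, "w") as fh:
            fh.write("int main(void) { return 0; }\n")
        os.chmod(login, 0o664)  # g+w, the default the thread describes
        baseline = snapshot(root)
        with open(login, "a") as fh:  # stand-in for an unauthorized change
            fh.write("/* modified */\n")
        return group_writable(baseline), compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored where the group that can write the source tree cannot also rewrite it, for example on read-only media or another host.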