Date: Tue, 22 Jul 1997 09:25:41 +0200
From: sthaug@nethelp.no
To: terry@lambert.org
Cc: hackers@FreeBSD.ORG
Subject: Re: sendmail complains about being unable to write his pid file
Message-ID: <2688.869556341@verdi.nethelp.no>
In-Reply-To: Your message of "Mon, 21 Jul 1997 17:23:14 -0700 (MST)"
References: <199707220023.RAA12174@phaeton.artisoft.com>

> > : Can you please explain how root ownership makes something more secure?
> >
> > Files owned by root are harder to change via NFS than files owned by
> > bin. root access in NFS is generally blocked, but not so with other,
> > non-zero uids.
>
> This only argues for read-only export of / and /user FS's, as far
> as I can see, and not for root rather than bin ownership of files or
> directories themselves.

The only argument I've heard so far *for* the bin ownership is Terry Lambert's:

> The ability to update machines remotely via NFS, which proxies root
> as "nobody" in most sane configurations.

But if you export the file systems read-only, you can't perform remote updates via NFS. If you *do* export the file systems read-write, in order to enable remote updates, you're at the mercy of any machine that can mount file systems (or guess file handles) from your machine.

I've been the administrator for several large NFS-based installations. We *never* did remote updates of /, /bin etc. via NFS, it was always rdist or a tar/rsh-pipe. These days I'd probably use a similar but ssh-based method.

As for Terry's other comment,

> OK, I don't understand why you believe that something being owned by
> root, an account with password access, the password for which is
> susceptible to being cracked, is somehow more secure than ownership
> by bin, an account without password access and therefore *not*
> susceptible to being cracked.

In the absence of NFS, having a program owned by root instead of bin may not be more secure. But it is certainly no *less* secure - if my root account is cracked then file ownership of bin means nothing anyway.

So in short: I want root ownership as default because it is *no less* secure for a local (non-NFS) installation, and is *more secure* in the presence of NFS.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
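
The ownership argument in the message above can be modelled as a small audit. This is an added example, not part of the original message: it assumes client-asserted uids, root mapped to an assumed `nobody` uid of 65534, a constructed file list with `bin` as uid 3, and it ignores group permissions.

```python
import stat
from dataclasses import dataclass

NOBODY = 65534  # assumed uid that a squashed root request is mapped to


@dataclass
class Entry:
    path: str
    uid: int   # owner uid on the server
    mode: int  # permission bits, e.g. 0o555


def effective_uid(claimed_uid: int, root_squash: bool) -> int:
    """uid the server acts as for a uid asserted by the client."""
    return NOBODY if (root_squash and claimed_uid == 0) else claimed_uid


def remotely_modifiable(e: Entry, read_write: bool, root_squash: bool = True) -> bool:
    """True if some uid a client can assert is allowed to change this entry."""
    if not read_write:
        return False  # read-only export: the server refuses every write
    if e.mode & stat.S_IWOTH:
        return True   # world-writable: any asserted uid is enough
    # The owner can write, or chmod and then write. A client can assert the
    # owner's uid unless squashing rewrites it (uid 0 becomes nobody).
    return effective_uid(e.uid, root_squash) == e.uid


def audit(entries, read_write: bool, root_squash: bool = True):
    """Paths on an export that a mounting client could modify."""
    return [e.path for e in entries if remotely_modifiable(e, read_write, root_squash)]


# Constructed sample: one root-owned binary, one bin-owned binary and its directory.
SAMPLE = [
    Entry("/bin/ls", 0, 0o555),
    Entry("/usr/bin/vi", 3, 0o555),
    Entry("/usr/bin", 3, 0o755),
]

if __name__ == "__main__":
    print("rw export, root squashed:", audit(SAMPLE, read_write=True))
    print("ro export:               ", audit(SAMPLE, read_write=False))
```
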