Date:      Fri, 22 Jun 2012 10:24:55 -0700
From:      Fahad <fahad@budacom.net>
To:        freebsd-security@freebsd.org
Subject:   Re: / owned by bin causes sshd to complain bad ownership
Message-ID:  <4FE4AA67.4060900@budacom.net>
In-Reply-To: <op.wgbcfrwf34t2sn@tech304>
References:  <201206221343.q5MDhmvS045187@fire.js.berklix.net> <20120622155928.GA9983@DataIX.net> <op.wgbcfrwf34t2sn@tech304>

As Mark put it, if everything is owned by bin you would need to be root
to do anything. Where is the benefit in this? You mentioned stupid junior
admins; well, in that case have a better hiring process, no need to
obfuscate the current setup.



On 06/22/2012 09:36 AM, Mark Felder wrote:
> On Fri, 22 Jun 2012 10:59:28 -0500, Jason Hellenthal 
> <jhellenthal@dataix.net> wrote:
>
>>
>> Security principles are well laid out and have not changed in a long
>> time. Veering away from those principles will cause a LOT of
>> administrative overhead as most software out there can expect a sane
>> environment if / is root:wheel
>
> Well he claims that bin owned everything back in the day and I didn't 
> touch a *nix system until long after the time he describes. I can't 
> imagine the benefit or functionality of a system with bin owning 
> everything.... if everything precious is owned by bin, and bin isn't a 
> standard system user, someone would have to elevate to root to do 
> anything nasty. In the current setup you'd have to elevate to root to 
> do something nasty.
>
> I see no benefit in binaries or libraries being owned by bin.




