From: jbuck@forney.berkeley.edu (Joe Buck) Newsgroups: alt.security Subject: Ownership by "bin" instead of by "root" Date: 3 Mar 1992 21:12:01 GMT Organization: University of California, Berkeley Message-ID: References: <1992Mar2.145559.3166@pool.info.sunyit.edu> In article , seaney@robios.me.wisc.edu (Steve Seaney) writes: |> Question ( on a side note ) on our Sparcs Sun has set the /etc |> ownership to: |> drwxr-sr-x 9 bin staff 2048 Feb 28 11:10 etc/ |> Should this be changed? Can I expect any problems when it is changed? If you're in an NFS environment, I would recommend changing the owner of /etc to root. The reason is that if someone cracks root on a machine that your machine "trusts" (because of /etc/hosts.equiv or for some other reason), that someone can say "su bin" and then your system will believe he should be treated as "bin" on your system, and he'll have the power to install anything he wants into the /etc/ directory. But "root" is special: NFS, rsh, etc, treat root on some other system as "nobody" on your system, so that if someone cracks root on a system you trust, he's still only a generic normal user on your system. This'll at least slow a good cracker down a bit. Conclusion: if you use NFS, rsh, rlogin, rcp, etc., then all system-critical files and directories (/etc, /bin, /usr/bin, etc, and everything in them) should be owned by root and writable only by root. The habit of having "bin" own things, or having a special "staff"/"wheel" group that could modify things, comes from pre-NFS days and it's no longer safe. -- Joe Buck jbuck@ohm.berkeley.edu