Should standard binaries & directories revert from uid=root to bin ?
Julian H. Stacey
jhs at berklix.com
Fri Mar 30 15:16:23 UTC 2012
Hi arch@
Time was, (& I can go back over 25 years here, but more recently too :-)
When standard Unix non SUID executables such as wc would be UID=bin,
GID=bin, & not root. Ditto bin/ & lib/ etc directories.
One advantage was:
Anything that showed up with ls -l as UID=0 was either a SUID
special, known to the admin's eye, or some administrative dropping,
mistakenly created by someone logged in as root, to be reviewed/
regenerated/ deleted.
Now all is UID=0. Why ? What advantage did it bring ?
Obviously some SUID & SGID executables need 0 (some could need just bin!)
but most files & directories do not need UID 0.
BTW, How I noticed this :
I was tracing why
/usr/sbin/sshd -d -d -d -D
was erroring:
debug3: secure_filename: checking '/.amd_mnt/sshd_host/ad4s1/usr1/home'
Authentication refused: bad ownership or modes for directory
/.amd_mnt/sshd_host/ad4s1/usr1/home
just because my ~/.ssh was symbolicaly linked via AMD+NFS mounted on another
host, & there an intermediate directory was owned by bin & not root,
ls -la /host/sshd_host/ad4s1/usr1/home
drwxr-xr-x 18 bin bin 512 Mar 6 11:56 ./
so I had to
chown root:wheel /ad4s1/usr1/home
Just to satisfy sshd being pointlessly strict, as directory was 755.
So we have sshd that's pointlessly strict, & ownerships that seem
to have near all lost their precision. A funny combo ;-)
Might others tackle the generic over use of root ?
If so I could create a patch to send-pr ssh ?
(but as ssh is an import, maybe just report & not [yet?] patch ?)
Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Reply below not above, cumulative like a play script, & indent with "> ".
Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/
More information about the freebsd-arch
mailing list