Re: / owned by bin causes sshd to complain bad ownership
On 06/22/2012 20:34, olli hauer wrote:
> On 2012-06-22 15:43, Julian H. Stacey wrote:
>> Hi freebsd-security@freebsd.org
>> On an 8.3-RELEASE running sshd, /var/log/auth.log
>> Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
>> bad ownership or modes for directory /
>> Until I did
>> chown 0:0 /
>> ( It was previously
>> drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
>> )
>> The chown is consistent with all of 8.3 /bin also being root & not bin,
>>
>> BUT
>>
>> Over use of Root seems Bad.
>> Our ownership scheme has degraded compared to early 1980s Unix, where
>> most bin & lib files & dirs were owned by bin, except for
>> - a few SUID bins that Needed root
>> - occasional administrator droppings,
>> temporary accidental files that glared at the eyeball,
>> as root, cos near all else was just bin.
>>
>> IMO very little in a system should be user root.
>>
>> Apologies, but to guide replies :
>> (after threads burnt by a troll on another list)
>> I'd not appreciate replies just along the lines of
>> "It has to be to satisfy existing software".
>> I'd much rather receive replies along lines of
>> "What would be best ownership scheme, advantages &
>> disadvantages + should we change anything ?"
>>
>
>
>
> Hm, I just found an old Dennis_v5 release from 1974 and / was set to 0:3 which is today root:sys and not to 2:2
>
> If you look hard enough you can find the v5root.tar.gz from 1974 on unixarchive.cn-k dot de or some other mirrors ;)
>
>
cvsweb.cgi/src/etc/mtree/BSD.root.dist?only_with_tag=MAIN
Revision 1.29: download - view: text, markup, annotated - select for diffs
Mon Sep 14 08:34:45 1998 UTC (13 years, 9 months ago) by obrien
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +6 -6 lines
Change file ownership from bin.bin to root.wheel.
This is the start of it for FreeBSD, going from 2.2.X to 3.X
> --
> Regards,
> olli
You are welcome,
Claude Buisson
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
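An added example, not part of the thread and not OpenSSH code: a small Python audit that walks from a directory up to / and flags every component that is not owned by root or the login user, or that is writable by group or other, which is the condition the auth.log line quoted in the thread reports. The exact rule sshd applies is an assumption here, and the sample tree, user name and uids are constructed.

```python
import os
import stat
from collections import namedtuple


def audit_path(path, uid, stat_fn=os.stat):
    """Walk from `path` up to / and return (directory, reason) for each
    component a strict ownership/mode check would reject.
    Assumed rule: owner must be root (0) or `uid`, and no g+w / o+w bits."""
    findings = []
    cur = os.path.abspath(path)
    while True:
        st = stat_fn(cur)
        if st.st_uid not in (0, uid):
            findings.append((cur, "owned by uid %d" % st.st_uid))
        elif st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            findings.append((cur, "group/world writable (%o)" % mode))
        parent = os.path.dirname(cur)
        if parent == cur:  # reached /
            break
        cur = parent
    return findings


# Constructed sample tree: / owned by a non-root system uid (3 is made up),
# everything else owned by root or by the hypothetical login user 1001.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
SAMPLE_TREE = {
    "/": FakeStat(3, 0o40755),
    "/home": FakeStat(0, 0o40755),
    "/home/user": FakeStat(1001, 0o40755),
    "/home/user/.ssh": FakeStat(1001, 0o40700),
}


def sample_stat(path):
    return SAMPLE_TREE[path]


if __name__ == "__main__":
    # Audit the real ~/.ssh chain for the invoking user.
    target = os.path.expanduser("~/.ssh")
    for directory, reason in audit_path(target, os.getuid()):
        print("%s: %s" % (directory, reason))
```

Run as the affected user, it prints one line per offending directory and nothing when the whole chain passes.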