
Re: Excessive root usage in Debian



On Tue, 12 Oct 1999, David Starner wrote:

> On Tue, Oct 12, 1999 at 06:59:19AM -0700, Robert Jones wrote:
> > May I humbly suggest a group named 'maintenance' or 'config' or somesuch, in
> > addition to subsystem group names?  Each subsystem-user would of course have
> > ownership over its related control files, but they would be in the 'config'
> > group.  The admin may then add whomever he wants to be able to alter system
> > configurations and such to the 'config' group.
> 
> I don't understand why that would be more secure than giving them root
> access. Even giving them access to /etc/vimrc would be a security loophole
> if root ran vim. Many - maybe most - config files let you run an arbitrary 
> program at some point.
> 
There are at least three different aspects to consider:

1. protection against security compromises:
For this, giving anyone but root administrative power tends to open
security leaks. As you said, everybody who can alter config files (or
write to raw devices to run fsck or...) can compromise the whole system.
So all you get is more accounts that have to be safeguarded at any
price.

2. protection against faulty software, silly mistakes, etc.
This is an upside (the most obvious example is that only root can rm -rf
everything).

3. (social) organization:
A lot of people working as 'deputy' sysadmins feel they don't want to hack
the system, but will use the privileges officially given to them. This
could be made easier with the introduction of groups like config or the
like. Of course most of this can as well be achieved with sudo.

I am still unsure about the conclusion. On one hand, item 1. seems the
most important to me. On the other, I remember talking about related
issues to an experienced AIX sysadmin some time ago who told me:
"ugh, I would NEVER install programs as ROOT!".



Bj"orn Brill <brill@fs.math.uni-frankfurt.de>
Frankfurt am Main, Germany
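
An added example, not part of the original message or of any Debian tool: a small audit that lists which files under a configuration tree can be modified by anyone other than root, which is the exposure item 1 describes for a 'config' group. It generalizes the /etc/vimrc case to any directory; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_config_writers(root, trusted_uids=frozenset({0}), trusted_gids=frozenset({0})):
    """Return sorted (path, reason) pairs for every file or directory under
    root that an account outside the trusted uids/gids could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Check the directory itself too: write access to a directory
        # allows replacing the files inside it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            if st.st_uid not in trusted_uids:
                findings.append((path, f"owned by uid {st.st_uid}"))
            if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
                findings.append((path, f"writable by gid {st.st_gid}"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed stand-in for /etc with three permission patterns."""
    root = tempfile.mkdtemp(prefix="etc-sample-")
    for name, mode in (("fstab", 0o644), ("vimrc", 0o664), ("motd", 0o666)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    # In the sample tree the current user stands in for root and no group is
    # trusted. On a real system the defaults (uid 0, gid 0) apply:
    #     audit_config_writers("/etc")
    for path, reason in audit_config_writers(
        sample, trusted_uids={os.geteuid()}, trusted_gids=set()
    ):
        print(f"{path}: {reason}")
```

Every path it reports belongs to an account or group that, per item 1, has to be safeguarded as carefully as root whenever root reads or executes that file.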


