Re: Newbie administrator

[Dave Sherohman <esper@sherohman.org>]

On Wed, Feb 26, 2003 at 05:42:43PM -0800, Alvin Oga wrote:
> and if i was admining your box... i'd "chmod 750 /sbin /usr/sbin"
> and hide/remove root passwds so that i can sleep late or wont be
> paged because something broke

...which, even if it doesn't break things (like another poster's
mention of pon/pppd), doesn't seem like it would do any good.  Even
ignoring the possibility of users building/copying their own version
of the binaries in (/usr)?/sbin (since this can be prevented by
having all user-writable filesystems mounted noexec - although this
isn't an option if you have developers on the box), there's still the
little detail that, in order to get them to do anything harmful, you
need root privileges.  And once an attacker is root, the 750
permissions won't stop him anyhow.  It only protects against people
who can't do any harm in the first place.

-- 
The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)