
Re: Rationale



On Mon, 01 Dec 2003 21:08:34 +0000, Randy Orrison wrote:

> Paul Morgan wrote:
>> The key in any case is to protect your /usr/local... from anyone except
>> root writing to it, and also not to put current directory in root's path. 
> 
> Excellent idea.  Too bad Debian doesn't do that out of the box.
> 
>> /usr/local... doesn't exist so non-admins can put commands in there;  they
>> should be putting them in somewhere in their /home or in their apps
>> directories.
> 
> I think the point here is that the default Debian install leaves 
> /usr/local/bin writable by group staff.  This is an easy privilege 
> escalation route, if someone gets a staff group account and drops 
> replacement executables in /usr/local/bin.
> 
> From the Debian reference, section 9.2.3: "staff membership is useful 
> for helpdesk types or junior sysadmins, giving them the ability to do 
> things in /usr/local and to create directories in /home" -- would you 
> trust them with root?
> 
> No, root shouldn't have /usr/local/[s]bin in its path before the 
> standard directories.  If root wants customised binaries that override 
> system standard ones, he should customise his path himself to include 
> /root/bin and make sure no-one else has write access to it.  You could 
> probably make a case for root not having *any* directories *anywhere* in 
> its path that are writable by anyone other than root.
> 
> Randy

A default Debian install creates no /usr/local directories, at least it never
has for me.

Also, a default Debian installation does *not* put cwd in root's path.

And, note that the Debian reference that you quoted doesn't say anything
about /usr/local/bin or sbin, just that they should be able to do things
in /usr/local.  IMO /usr/local/bin and sbin are production directories and
nothing should go in there which hasn't gone through the site's normal
production QA and change/version control procedures, so root need be the
only person who writes in there, used by the version control manager,
maybe.

-- 
....................paul

"Reports that say that something hasn't happened are always interesting
to me, because as we know, there are known knowns; there are things we
know we know.  We also know there are known unknowns; that is to say we
know there are some things we do not know. But there are also unknown
unknowns - the ones we don't know we don't know."

- Donald Rumsfeld, US Secretary of Defense, Winner of British Plain
  English Campaign's 2003 "Foot in Mouth" award.
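The thread's practical rule (no directory on root's PATH that anyone other than root can write to, no current-directory entry, and nothing in /usr/local/bin that a staff-group member could plant) is easy to check mechanically. The script below is an added example for this thread, not code from either poster; it assumes a POSIX sh with ls, cut and awk, and that ordinary group/world write bits (not ACLs) are what grant access. Pass it a PATH string and, optionally, the owner every entry is expected to have (default root); it prints one line per entry that is relative, missing, group- or world-writable, or owned by someone else, and returns 1 if anything was flagged.

```shell
#!/bin/sh
# audit_path: report PATH entries that someone other than the expected owner
# could use to plant a replacement executable. Example added for this thread,
# not code from the original posting. Assumes POSIX sh plus ls, cut and awk.
#
#   audit_path "PATHSTRING" [expected_owner]
#
# Prints one line per problematic entry ("dir: reason ...") and returns 1 if
# any were found, 0 if the whole list is clean. expected_owner defaults to root.
audit_path() {
    _path="$1"
    _expected="${2:-root}"
    _bad=0
    _old_ifs="$IFS"
    IFS=:
    for _dir in $_path; do
        _why=""
        if [ -z "$_dir" ] || [ "$_dir" = "." ]; then
            # An empty element or "." makes the shell search the current
            # directory, so whoever controls cwd controls what root runs.
            printf '%s: relative-entry\n' "${_dir:-(empty)}"
            _bad=1
            continue
        fi
        if [ ! -d "$_dir" ]; then
            # A missing entry is a foothold: if a non-root user can create it
            # later (e.g. under a group-writable parent), it becomes live.
            printf '%s: does-not-exist\n' "$_dir"
            _bad=1
            continue
        fi
        # Portable permission probe: first 10 chars of "ls -ld" ("drwxrwxr-x").
        # Char 6 is the group write bit, char 9 the world write bit; field 3 is
        # the owner. -L follows a symlinked directory to its target.
        _mode=$(ls -ldL "$_dir" | cut -c1-10)
        _owner=$(ls -ldL "$_dir" | awk '{print $3}')
        case "$_mode" in ?????w????) _why="$_why group-writable" ;; esac
        case "$_mode" in ????????w?) _why="$_why world-writable" ;; esac
        [ "$_owner" = "$_expected" ] || _why="$_why owner=$_owner"
        if [ -n "$_why" ]; then
            printf '%s:%s\n' "$_dir" "$_why"
            _bad=1
        fi
    done
    IFS="$_old_ifs"
    return "$_bad"
}

# When run directly as a script: audit the PATH given as $1 against owner $2
# (default root), e.g.  sh audit_path.sh "$PATH"  from a root shell.
if [ "$#" -gt 0 ]; then
    audit_path "$1" "${2:-root}"
fi
```

Run it from root's own shell so that "$PATH" is the list root actually searches; a clean result means every entry exists, is absolute, and is writable by the expected owner alone, which is exactly the condition under which a staff-group account cannot turn /usr/local/bin into a privilege escalation route.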