Path: utzoo!mnetor!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.unix.wizards
Subject: Re: Why does "root" own everything?
Message-ID: <387@vsi.UUCP>
Date: 13 Mar 88 19:30:50 GMT
References: <5209@uwmcsd1.UUCP>
Distribution: na
Organization: V-Systems -- Santa Ana, CA
Lines: 55
Summary: dunno, maybe some good reasons

In article <5209@uwmcsd1.UUCP>, jgd@csd1.milw.wisc.edu (John G Dobnick,EMS E380,5727,) writes:
> After nosing around in source directories, and after looking at various
> installation scripts, I was struck by a curiosity. After thinking about
> the file security features of UNIX, and their total lack of applicability
> to "root", I was even more struck by this same curiosity.
>
> Why does "root" seem to "own" everything? Why is almost *all* installed
> software (at least that which is supplied *with* the stock system) installed
> by "root"? [I think these are really two statements of the same question.]

A file simply being owned by root is not a security hole, and some might call it a security feature. Note that this is just my preference and other wizards may not share it -- flames are welcome.

It is indeed easy to screw up as root but just as easy with "library" or "bin" because it is not as "important" as root so your guard might be down a bit -- boy am I generalizing here :-).

Let's say that I can somehow break the "bin" login. I just replace (say) /bin/ls with my own program. This program will do an exec on the "real" ls but if it is being run by root it will do something special for me. Basically, files not owned by root are prime targets for security breaches.

It turns out that my machine has this bug: I can break the "bin" group and the /bin directory is, by default:

    4 drwxrwxr-x 4 bin bin 1680 Mar 6 04:49 /bin

I can write to /bin and have successfully gotten somebody to run my phony ls as root.

I can think of some convincing arguments on your side as well, primarily related directly to your point of letting non-root do system administration on a machine. I'll let the other wizards respond to that point.

> Subsidiary questions. Is this organization historical? Is it just laziness
> on the part of the [original/intermediate/recent] developers/distributors
> of UNIX? Is this situation going to be addressed? Is the situation different
> between the System V and Berkeley species of UNIX? (We use the bsd variant,
> if that is really relevant to this issue.)

Root is the only uid whose number<-->name match is guaranteed on all machines. Tar and cpio and most other archiving programs store the owner of a file as a number, not a name, and there is the chance that the name upon read doesn't match the name upon write. This means that a file written with uid=1 (bin) might be read as uid=1 (adm) and this is not necessarily what is wanted.

You ask a good question, and these are just my thoughts.

Steve

--
Life : Stephen J. Friedl @ V-Systems, Inc./Santa Ana, CA *Hi Mom*
CSNet: friedl%vsi.uucp@kent.edu ARPA: friedl%vsi.uucp@uunet.uu.net
uucp : {kentvax, uunet, attmail, ihnp4!amdcad!uport}!vsi!friedl
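
The writable /bin described in the post above (drwxrwxr-x, owner bin, group bin) is the kind of directory the following check flags. It is an added example, not part of the original post: a Python audit of the directories on PATH for anything a non-root account could write to. The function names are hypothetical.

```python
import os
import stat


def dir_findings(mode, uid, gid):
    """Return the reasons a directory with this mode/owner/group lets a
    non-root account replace the programs in it (empty list = root only)."""
    findings = []
    if uid != 0:
        findings.append("owner is not root")
    if mode & stat.S_IWGRP and gid != 0:
        findings.append("writable by a non-root group")
    if mode & stat.S_IWOTH:
        # The sticky bit stops others deleting or renaming existing entries,
        # but a world-writable directory on PATH still accepts new files.
        findings.append("writable by everyone")
    return findings


def audit_path(path_value=None):
    """Check every directory on a PATH-style string; return {dir: findings}."""
    if path_value is None:
        path_value = os.environ.get("PATH", "")
    report = {}
    for entry in path_value.split(os.pathsep):
        directory = entry or "."          # an empty PATH entry means the cwd
        try:
            st = os.stat(directory)       # follows symlinks, as exec lookup does
        except OSError:
            continue                      # missing or unreadable entry
        if not stat.S_ISDIR(st.st_mode):
            continue
        findings = dir_findings(st.st_mode, st.st_uid, st.st_gid)
        if findings:
            report[directory] = findings
    return report


if __name__ == "__main__":
    for directory, findings in audit_path().items():
        print(f"{directory}: {', '.join(findings)}")
```

The check covers only the directories themselves; the ownership and mode of each file inside them, and of the parent directories, need the same treatment.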