Path: utzoo!attcan!uunet!ncc!lyndon
From: lyndon@ncc.Nexus.CA (Lyndon Nerenberg)
Newsgroups: comp.bugs.4bsd
Subject: Re: Installing 4.3-Tahoe on a VAX
Keywords: security, paranoid, file ownership
Message-ID: <10477@ncc.Nexus.CA>
Date: 13 Sep 88 17:27:14 GMT
References: <4790@saturn.ucsc.edu> <5415@zodiac.UUCP>
Reply-To: lyndon@ncc.nexus.ca (Lyndon Nerenberg)
Organization: Nexus Computing Inc.
Lines: 23

In article <5415@zodiac.UUCP> jordan@ads.com (Jordan Hayes) writes:

[ In reference to bin vs root ownership of executables ]

>Yes, i'd like to hear about why this was (is) being done, in the latest
>BSD releases and the recent SUN releases. It doesn't seem to make much
>sense for some new (unprotected) user to own all the binaries.

I prefer this for a couple of reasons. First, I don't have to give
all the application programmers root access to the machine in order
to install their software. Secondly, it can be a real bitch trying
to install software on NFS mounted file systems if you are root.
Doing this as bin doesn't get you mapped to "nobody."

Third, if non-priv executables are owned by bin, it makes it easy
to run a find in your bin/lib directories looking for stuff owned
by root. Any differences from a list of "standard" root owned
files can quickly indicate possible attempts at cracking the box.

Besides, that's the way AT&T does it, and SVR4 is just around the
corner :-)

--
VE6BBM {alberta,pyramid,uunet}!ncc!lyndon lyndon@Nexus.CA
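
The find-and-compare check described in the post above, as an added example that is not part of the original post: it lists regular files owned by one user under the given directories and diffs them against a baseline list. The function names owner_drift and demo, and the one-path-per-line baseline format, are assumptions; the demo runs on a constructed temporary tree and uses the current uid as a stand-in for root so it works unprivileged.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the original post.
# Usage: owner_drift OWNER BASELINE_FILE DIR...
#   "+ path"  owned by OWNER but absent from the baseline (investigate)
#   "- path"  listed in the baseline but not found owned by OWNER
# The baseline should cover the same directories that are scanned.
# Paths containing newlines are not handled.
owner_drift() {
    owner=$1; baseline=$2; shift 2
    cur=$(mktemp) || return 2
    base=$(mktemp) || { rm -f "$cur"; return 2; }
    # -xdev stays on the starting filesystem; -type f limits to regular files.
    find "$@" -xdev -type f -user "$owner" -print 2>/dev/null \
        | LC_ALL=C sort -u > "$cur"
    # Drop blank lines and '#' comments from the baseline before comparing.
    grep -v -e '^[[:space:]]*$' -e '^#' "$baseline" | LC_ALL=C sort -u > "$base"
    LC_ALL=C comm -23 "$cur" "$base" | sed 's/^/+ /'
    LC_ALL=C comm -13 "$cur" "$base" | sed 's/^/- /'
    rm -f "$cur" "$base"
}

# Constructed demo tree: three files on disk, three baseline entries,
# with one unexpected file (lib/newfile) and one missing (bin/passwd).
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/bin" "$d/lib"
    : > "$d/bin/login"; : > "$d/bin/su"; : > "$d/lib/newfile"
    printf '%s\n' "# constructed baseline" \
        "$d/bin/login" "$d/bin/su" "$d/bin/passwd" > "$d/baseline"
    # Strip the temp prefix so the output is stable between runs.
    owner_drift "$(id -u)" "$d/baseline" "$d/bin" "$d/lib" | sed "s|$d||"
    rm -rf "$d"
}

# Real use, as root: sh script.sh root /path/to/baseline /bin /usr/bin /usr/lib
if [ "$#" -ge 3 ]; then
    owner_drift "$@"
fi
```

With bin owning the ordinary executables, as the post prefers, the baseline of root-owned files stays short enough to review by hand.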