Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!mailrus!uflorida!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.bugs.4bsd
Subject: Re: bin owns stuff
Message-ID: <13551@mimsy.UUCP>
Date: 14 Sep 88 09:52:09 GMT
References: <26049@ucbvax.BERKELEY.EDU> <5416@zodiac.UUCP> <21791@sgi.SGI.COM> <21879@sgi.SGI.COM>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 23

>In article <8481@smoke.ARPA> gwyn@smoke.ARPA (Doug Gwyn) writes:
>>The basic idea is to avoid forcing the system administrator to act under
>>UID 0 unless absolutely necessary.  Files owned by "bin" can be updated
>>by "bin" rather than "root".

In article <21879@sgi.SGI.COM> vjs@rhyolite.SGI.COM (Vernon Schryver) writes:
>Should anyone besides root be allowed to 'update' sh or crontab?

Probably not; bin and root are (effectively) the same user.  (That NFS
does not make this so is not directly relevant, as 4.3BSD and
4.3BSD-Tahoe do not come with NFS---not from Berkeley, at any rate.
That the .rhosts mechanism does, is.)

>Is there some <<risk>> with root owning things?

Yes.  It is relatively small, but it is there.  The problem is that
a typographic error as root can have much more far-reaching consequences
than one as bin.

(Besides, I think it is more aesthetic :-) )
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@mimsy.umd.edu	Path:	uunet!mimsy!chris