Path: utzoo!utgpu!watmath!uunet!labrea!agate!ucbvax!tut.cis.ohio-state.edu!att!cbnewsc!danl
From: danl@cbnewsc.ATT.COM (daniel.r.levy)
Newsgroups: unix-pc.general
Subject: Re: which unix-pc files MUST be writeable by others?
Message-ID: <672@cbnewsc.ATT.COM>
Date: 3 May 89 23:19:06 GMT
References: <587@cbnewsc.ATT.COM> <17736@cup.portal.com>
Organization: AT&T Bell Laboratories
Lines: 37

In article <17736@cup.portal.com>, thad@cup.portal.com (Thad P Floryan) writes:
< Re: Daniel Levy's questions about which directories should be writeable ..
<
< the /usr/lib/ua most definitely, so that anyone can do "rm -f /usr/lib/ua/*"

[wipe dat smirk offa you face...] And also so that non-install users can
create/delete files in there, on purpose?

< Seriously, I strongly suggest you acquire the book UNIX SYSTEM SECURITY, by
< Patrick Wood and Stephen Kochan, publ. Hayden Books UNIX System Library.
<
< If you follow the guidelines outlined in that book, both Ivan and Moammar will
< be gnashing their teeth in frustration. :-) :-) :-)

No I'm not concerned about Russian and Arab spies.

< The default UNIXPC system "security" sucks dead bunnies through a straw.

Gee tell me something I don't know.

I'm not asking about what's good UNIX security in general (I presume that
Wood and Kochan's book is about that, not about the 3B1 in particular). I
got plenty of training about that at work. What I want to know is, WHAT
WILL BREAK when I try to impose conventional ideas of UNIX security (please
hold the wisecracks) upon a 3B1? And I'd like to know it before I try it
and hose up the machine.

Right now, the only one who has a login on that machine is me so I don't care
about the sloppy security any more than I would on an MS-DOS machine. (Well I
do care a little re uucp, since I poll a machine at my work location, but I've
fixed up the USERFILE so it only allows transfers to/from /usr/spool/uucppublic.
As it comes, it allows transfers to/from ANYWHERE... brrr.) But should I ever
want to let strange users onto this beast, well....
--
Dan'l Levy                 UNIX(R) mail:  att!ttbcad!levy, att!cbnewsc!danl
AT&T Bell Laboratories
5555 West Touhy Avenue     Any opinions expressed in the message above are
Skokie, Illinois  60077    mine, and not necessarily AT&T's.