Path: utzoo!utgpu!watmath!uunet!lll-winken!csd4.milw.wisc.edu!mailrus!sharkey!oxtrap!lokkur!scs
From: scs@lokkur.UUCP (Steve Simmons)
Newsgroups: unix-pc.general
Subject: Re: which unix-pc files MUST be writeable by others?
Summary: Try it and see...
Message-ID: <1399@lokkur.UUCP>
Date: 5 May 89 02:06:05 GMT
References: <587@cbnewsc.ATT.COM> <17736@cup.portal.com> <672@cbnewsc.ATT.COM>
Reply-To: scs@lokkur.UUCP (Steve Simmons)
Organization: Inland Sea Software, Ltd.
Lines: 23

In article <672@cbnewsc.ATT.COM> danl@cbnewsc.ATT.COM (daniel.r.levy) writes:
>What I want to know is, WHAT WILL BREAK when I try to impose conventional ideas
>of UNIX security (please hold the wise cracks) upon a 3B1? And I'd like to
>know it before I try it and hose up the machine.

Well Dan'l, the short answer is ALMOST NOTHING.

I did the appropriate find on my system not just for directories but
for *every* writable file. Most of them I found could be cleaned up
with no risk. A couple I was fairly sure *had* to remain writable
(/tmp, /usr/tmp, uucppublic) because system functioning demanded it.
One, /usr/spool/news, has to remain writable due to other stupid
reasons. There are a couple of accounting files (utmp, wtmp, a few
things in /usr/adm) that need to be writable. Getting right down to
the bottom, everything else I made protected except
	/etc/drvtab
	/etc/timedsply
which I just couldn't figure out.

Disclaimer: I did this over a year ago, and am telling you from memory.
But it's based on real work, not just my opinions.
--
Steve Simmons		...sharkey!lokkur!scs	scs@lokkur.dexter.mi.us
"Gordon Way's astonishment at suddenly being shot dead was nothing to
his astonishment at what happened next."  -- Douglas Adams
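
The audit described in the post above, as an added example that is not part of the original message or Steve Simmons' own commands: a find for every world-writable file and directory, filtered through an allowlist of paths that must stay writable, plus a cleanup step. The function names and the allowlist-as-arguments convention are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage, with the full paths the post names as needing to stay writable:
#   audit_world_writable / /tmp /usr/tmp /usr/spool/news \
#       /etc/drvtab /etc/timedsply
# Add the local paths of uucppublic, utmp, wtmp and the /usr/adm
# accounting files; the post does not spell those paths out.

# Print every world-writable path under $1 that is not listed in the
# remaining arguments (exact path match, one allowlisted path per arg).
audit_world_writable() {
    root=$1
    shift
    # -perm -002 matches when the "write by others" bit is set.
    # Symlinks are skipped: their own mode bits are not meaningful.
    # Paths containing newlines are not handled by this sketch.
    find "$root" ! -type l -perm -002 -print 2>/dev/null | sort |
    while IFS= read -r path; do
        keep=no
        for ok in "$@"; do
            if [ "$path" = "$ok" ]; then
                keep=yes
            fi
        done
        if [ "$keep" = no ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Remove the "write by others" bit from everything the audit reports.
# Allowlisting a directory exempts the directory itself, not the
# files inside it, so world-writable files under /tmp are still fixed.
fix_world_writable() {
    audit_world_writable "$@" |
    while IFS= read -r path; do
        chmod o-w "$path"
    done
}
```

Run the audit alone first and review its output before calling the fix, then keep the list of exceptions so the same check can be repeated after system updates.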