Subject: Re: changing default user from bin:bin to root:wheel
To: Darren Reed <email@example.com>
From: Luke Mewburn <firstname.lastname@example.org>
Date: 02/19/1998 14:31:25
Darren Reed writes:
> In some mail I received from Luke Mewburn, sie wrote
> > it's been discussed in various places before that the default
> > installation user:group of `bin:bin' is not the best solution:
> > * security holes do exist that "get any user but root access"
> > i propose that the default is changed (in /usr/share/mk/bsd.own.mk)
> > to root:wheel. this also results in:
> > * default NFS mapping of client root -> uid -2 means that
> > unpriviliged client workstations can't modify root-owned
> > files.
> > comments / problems with this?
> just for the sake of commenting more than anything else, why not root:bin ?
BECAUSE `bin' MUST DIE!!!
seriously, if we going to get rid of uid bin i'd get rid of gid bin.
our NFS export can map out groups to nobody as well, and since a lot
of the directories are already group wheel i figured we go for