Subject: Re: changing default user from bin:bin to root:wheel
To: Darren Reed <>
From: Luke Mewburn <>
List: tech-security
Date: 02/19/1998 14:31:25
Darren Reed writes:
> In some mail I received from Luke Mewburn, sie wrote
> > 
> > it's been discussed in various places before that the default
> > installation user:group of `bin:bin' is not the best solution:
> > 	* security holes do exist that "get any user but root access" 
> > 
> > i propose that the default is changed (in /usr/share/mk/
> > to root:wheel. this also results in:
> > 	* default NFS mapping of client root -> uid -2 means that
> > 	  unpriviliged client workstations can't modify root-owned
> > 	  files.
> > 
> > comments / problems with this?
> just for the sake of commenting more than anything else, why not root:bin ?


seriously, if we going to get rid of uid bin i'd get rid of gid bin.
our NFS export can map out groups to nobody as well, and since a lot
of the directories are already group wheel i figured we go for