Subject: Re: changing default user from bin:bin to root:wheel
To: None <darrenr@cyber.com.au, lm@cs.rmit.edu.au>
From: Bruce Barnett <barnett@grymoire.crd.ge.com>
List: tech-security
Date: 02/19/1998 09:15:32
> seriously, if we're going to get rid of uid bin i'd get rid of gid bin.

The important concept is least privilege, and potential dangers.
To me, it doesn't matter if the group is wheel or bin, as long as it
has no privileges. But suppose someone makes a mistake?
Let's examine this...

All default directories should be root:wheel, with permission 500 or
700.  Okay.  Now what if, by mistake, someone makes that directory g+w?

That is the first potential mistake.

Now - suppose you want to create a new privilege for a new service.
What group should that process be in? 

If it is group "wheel", and that new service has a flaw in it, these
two mistakes can cause the system to be compromised.

I feel it is much better to have a group that has NO PRIVILEGES, and
make the new process a member of that group. Wheel normally has no
privileges, but a mistake can grant it enough to compromise the system.
Therefore the default group should not be wheel.

Better to pick another group that is not used anywhere. i.e. bin

(also - some people install software with mode 6511 instead of 4511.
This is another way to grant privilege).

If you don't like bin, pick another group. But it should not be one
that potentially has write permission to a directory.

It is much better to have a system that requires THREE mistakes
to compromise a system than one that only requires TWO mistakes.

Bruce
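
An added example, not part of the original message: a small audit that checks whether a candidate default group really has "no privileges" in the sense described above, by listing directories that are group-writable by it and executables that are setgid to it (the 6511 case). The function names and the command-line form are assumptions made for this example.

```python
import grp
import os
import stat
import sys

ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def findings(mode, gid, watched_gids):
    """Classify one inode from its st_mode and st_gid."""
    if gid not in watched_gids:
        return []
    issues = []
    # First mistake in the message: a directory that became g+w.
    if stat.S_ISDIR(mode) and mode & stat.S_IWGRP:
        issues.append("group-writable directory")
    # Mode 6511 instead of 4511: the setgid bit hands out the file's group.
    if stat.S_ISREG(mode) and mode & stat.S_ISGID and mode & ANY_EXEC:
        issues.append("setgid executable")
    return issues

def audit(root, watched_gids):
    """Walk root (symlinks are not followed); return (path, mode, issue) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip it
            for issue in findings(st.st_mode, st.st_gid, watched_gids):
                hits.append((path, oct(stat.S_IMODE(st.st_mode)), issue))
    return hits

if __name__ == "__main__":
    # Assumed CLI for this example: audit.py ROOT GROUP [GROUP ...]
    if len(sys.argv) < 3:
        sys.exit("usage: audit.py ROOT GROUP [GROUP ...]")
    gids = {grp.getgrnam(name).gr_gid for name in sys.argv[2:]}
    results = audit(sys.argv[1], gids)
    for path, mode, issue in results:
        print(f"{mode:>7}  {issue:<24}  {path}")
    sys.exit(1 if results else 0)
```

An empty report for a group means a flawed service running in that group gains nothing from it; any hit is one of the "mistakes" already made.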