Subject: Re: changing default user from bin:bin to root:wheel
To: Bruce Barnett <firstname.lastname@example.org>
From: Perry E. Metzger <email@example.com>
Date: 02/19/1998 11:20:45
Bruce Barnett writes:
> > seriously, if we going to get rid of uid bin i'd get rid of gid bin.
> The important concept is least priviledge, and potential dangers.
> To me, it doesn't matter if the group is wheel or bin, as long as it
> has no priviledges. But suppose someone makes a mistake?
You don't seem to understand the issue here.
1) The files do not have "privileges" if they are not suid or sgid.
2) the issue is NFS semantics. NFS does no permissions checking -- the
only defense one has against ugly nfs evil is the nobody/nogroup
translation that happens to accesses by user/group 0. Stuff owned
by root:wheel can't be touched over NFS, which is what we want. As