Subject: Re: NetBSD 1.5.2 default configuration
To: None <xs@kittenz.org>
From: Wojciech Bojdol <wojboj@htcon.pl>
List: tech-security
Date: 02/03/2002 15:35:59

On Sun, Feb 03, 2002 at 02:14:00PM +0000, xs@kittenz.org wrote:
> > > It would be nice to have a good security vs. usability balance in the
> > > default install.
> > 
> > ... like in linux ? :)
> 
> The list I have for making linux satisfactory is longer than the one for
> NetBSD, and includes the mess of trying to locate current patches and 
> tarballs (eg, free s/wan)

Making the system more secure is just about an hour of work.
I think that only some things like the default umask should change.
By default /root is readable by any user.
Also users could check what their friends did (just by looking in their
.bash_history or other files). It's not good for most systems.

> wtmp files can get *huge* quickly, and compress quite well. Also probably
> only get viewed rarely once they are archived. Better to save space
> than save a few key presses on a rare occasion.

How much will the space for your wtmp files cost you? :)
The best thing for you would be support for pipes in last.

> The idea behind chgrp'ing to users is that daemons (eg, httpd) and so on
> are not a member of the users group, and so shouldn't be able to
> set a password on their account, play with at/crontab, etc.

passwd is one of the programs that are used by all users.
If httpd is running crontab it could change only its own set of jobs.
What jobs has your http user got? :)
If you want to give users the right to change their crontabs via www
you have to make some script suid root.
Without that your CGI will not have the rights to change users' crontabs.

> This is a very site specific setting. Eg: it breaks on a system
> where passwd is used via a web interface or where pppd runs at.

Who runs pppd?
If it's used for dial-in, pppd is probably running from init.
If it's used for dial-out, we have only a set of users that can do that and
they should be in group ppp.

-- 
Wojciech Bojdoł
High-Tech Consulting
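
Added example (not part of the original message): a POSIX sh check for the two exposures mentioned above, a home directory such as /root that is open to other users and a shell history file that other users can read. The function names and the output format are made up for illustration.

```shell
#!/bin/sh
# Report home directories and shell history files whose mode bits grant
# access to users who are neither the owner nor in the file's group.

# Print the "other" permission triplet (for example "r-x") of a path.
# It is cut from the ls -ld mode string, so it does not depend on a
# particular stat(1) syntax.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# audit_home DIR...
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_home() {
    found=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # r lets others list the directory; x (or t, sticky plus x) lets
        # them open files in it whose names they already know.
        case "$(other_bits "$dir")" in
            *[rxt]*) echo "DIR  $dir is accessible to other users"
                     found=1 ;;
        esac
        # Covers .bash_history, .history, .sh_history and similar names.
        for hist in "$dir"/.*history; do
            [ -f "$hist" ] || continue
            case "$(other_bits "$hist")" in
                r*) echo "FILE $hist is readable by other users"
                    found=1 ;;
            esac
        done
    done
    return "$found"
}

# When run as a script, audit the directories given on the command line,
# for example: sh audit_home.sh /root /home/*
if [ "$#" -gt 0 ]; then
    audit_home "$@"
fi
```

A directory created under umask 077 gets mode 700 and produces no findings; one created under umask 022 gets mode 755 and is reported.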