Subject: Re: changing default user from bin:bin to root:wheel
To: Luke Mewburn <lm@cs.rmit.edu.au>
From: Perry E. Metzger <perry@piermont.com>
List: tech-security
Date: 02/19/1998 10:31:43

Luke Mewburn writes:
> it's been discussed in various places before that the default
> installation user:group of `bin:bin' is not the best solution:
> 	* security holes do exist that "get any user but root access" 
> 
> i propose that the default is changed (in /usr/share/mk/bsd.own.mk)
> to root:wheel. this also results in:
> 	* default NFS mapping of client root -> uid -2 means that
> 	  unprivileged client workstations can't modify root-owned
> 	  files.
> 
> comments / problems with this?

I have wanted this for a long time. The "bin" account and group are a
holdover from ancient times, and no longer really make much sense,
especially in an NFS environment. If we do not do this, we should at
least make "bin" turn to "nobody" on NetBSD NFS servers.

Perry
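
An added example, not part of the original messages or of NetBSD's own tooling: a POSIX sh audit for the ownership question discussed in this thread. It lists files in a tree that the root -> uid -2 mapping would not protect because they are not owned by root:wheel (0:0) or are writable by another group or by everyone; the function name and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list files under a tree that do not
# get the protection the proposal relies on. The NFS server remaps only
# client root (to uid -2), so the audit flags anything that is
#   - not owned by the trusted uid,
#   - group-writable by a group other than the trusted gid, or
#   - world-writable.
# Defaults 0:0 are root:wheel; the function name and arguments are
# hypothetical.
nfs_exposed_files() {
    dir=$1
    trusted_uid=${2:-0}
    trusted_gid=${3:-0}
    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$dir" ! -type l \( \
        ! -user "$trusted_uid" \
        -o \( -perm -020 ! -group "$trusted_gid" \) \
        -o -perm -002 \
    \) -print
}

# Stand-alone use: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    nfs_exposed_files "$@"
fi
```

Run against an installed tree such as /usr/bin, an empty result means every file there is owned by root and writable only by root or wheel.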