Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-27 Thread Peter Eckersley
On Tue, Dec 26, 2000 at 12:38:28PM +0200, Eray Ozkural (exa) wrote:
 Hamish Moffatt wrote:
  
  On Tue, Dec 26, 2000 at 04:43:53AM +0200, Eray Ozkural (exa) wrote:
   I like using groups to give different sets of rights and I'm
   annoyed by Debian giving every user his own group. Is that
   really necessary?
  
  No, but it's a good idea. It makes it much easier to work in
  directories shared with other users (but not all users), because
  you don't have to keep changing your umask all the time, or
  even worse, fixing file permissions because you (or somebody
  else) forgot to change their umask.
  
 
 I always thought it was a paranoid kind of security feature
 in Debian. I might be wrong of course.
 
 How does giving every user his own group make it easier for
 him to share files without system administrator's intervention?
 I couldn't quite get it, sorry I just woke up but I simply
 don't understand it. A small example?
 

Other people have provided most of the really useful reasons, but
another one, which denies access rather than providing it:

If I want a file to be readable by everybody *except* user fred, I
can set permissions:

[EMAIL PROTECTED]:~ ls -l plot-against-fred
-rw----r--   1 pde  fred  1 Dec 27 17:12 plot-against-fred

Of course, I need root access to do it :(

-- 

| |= -+- |= |
|  |-  |  |- |\

Peter Eckersley
([EMAIL PROTECTED])
http://www.cs.mu.oz.au/~pde

for techno-leftie inspiration, take a look at
http://www.computerbank.org.au/




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-27 Thread Eray Ozkural (exa)
Peter Eckersley wrote:
 
 
 If I want a file to be readable by everybody *except* user fred, I
 can set permissions:
 
 [EMAIL PROTECTED]:~ ls -l plot-against-fred
 -rw----r--   1 pde  fred  1 Dec 27 17:12 plot-against-fred
 
 Of course, I need root access to do it :(
 ^^^

That's what troubles me.


-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-27 Thread Eray Ozkural (exa)
Hamish Moffatt wrote:
 
 This is a big nuisance. I spent months working on a project with
 a shared directory without individual user groups. Worse yet, you
 can end up with a CVS repository full of files with user-only
 permissions (using a local CVS repository, rather than remote).
 

Ok. Then what I did was correct. I set up a developers group
and put all devels there, then I changed umask to 002 in /etc/profile.

I guess that's the way it works for multiple CVS users, right?
Since there are per user groups, the umask won't disrupt any other
operation.

Thanks,

-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-27 Thread Hamish Moffatt
On Wed, Dec 27, 2000 at 12:14:54PM +0200, Eray Ozkural (exa) wrote:
 Hamish Moffatt wrote:
  This is a big nuisance. I spent months working on a project with
  a shared directory without individual user groups. Worse yet, you
  can end up with a CVS repository full of files with user-only
  permissions (using a local CVS repository, rather than remote).
 
 Ok. Then what I did was correct. I set up a developers group
 and put all devels there, then I changed umask to 002 in /etc/profile.
 
 I guess that's the way it works for multiple CVS users, right?
 Since there are per user groups, the umask won't disrupt any other
 operation.

That should work fine.


Hamish
-- 
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-27 Thread Stephen Zander
 exa == exa  Eray writes:
exa I use bash. Is this zsh better? :)

Yes.

-- 
Stephen

A duck!




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-27 Thread John Galt

Isn't there a rudimentary ACL implementation in the kernel?  An ACL would do
the job nicely...

On Wed, 27 Dec 2000, Eray Ozkural (exa) wrote:

 Peter Eckersley wrote:
  
  
  If I want a file to be readable by everybody *except* user fred, I
  can set permissions:
  
  [EMAIL PROTECTED]:~ ls -l plot-against-fred
  -rw----r--   1 pde  fred  1 Dec 27 17:12 plot-against-fred
  
  Of course, I need root access to do it :(
  ^^^
 
 That's what troubles me.
 
 
 

-- 
Pardon me, but you have obviously mistaken me for someone who gives a
damn.
email [EMAIL PROTECTED]




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-26 Thread Eray Ozkural (exa)
Hamish Moffatt wrote:
 
 On Tue, Dec 26, 2000 at 04:43:53AM +0200, Eray Ozkural (exa) wrote:
  I like using groups to give different sets of rights and I'm
  annoyed by Debian giving every user his own group. Is that
  really necessary?
 
 No, but it's a good idea. It makes it much easier to work in
 directories shared with other users (but not all users), because
 you don't have to keep changing your umask all the time, or
 even worse, fixing file permissions because you (or somebody
 else) forgot to change their umask.
 

I always thought it was a paranoid kind of security feature
in Debian. I might be wrong of course.

How does giving every user his own group make it easier for
him to share files without system administrator's intervention?
I couldn't quite get it, sorry I just woke up but I simply
don't understand it. A small example?

 What's the harm in it?

It populates the groups? I want only meaningful groups there.


Thanks,

-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-26 Thread Eray Ozkural (exa)
Brian May wrote:
 zsh has in /etc/zshrc:
 
 [[ $UID == $GID ]] && umask 002 || umask 022
 
 My only dislike is it overrides my default setup in ~/.zshenv of 077.
 It seems wrong to put this stuff in zshrc, that only gets used for
 interactive shells. zshenv gets processed for all shells, but is run
 before zshrc.

I use bash. Is this zsh better? :)

Thanks,

-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-26 Thread Matt Zimmerman
On Tue, Dec 26, 2000 at 12:38:28PM +0200, Eray Ozkural (exa) wrote:

  No, but it's a good idea. It makes it much easier to work in
  directories shared with other users (but not all users), because
  you don't have to keep changing your umask all the time, or
  even worse, fixing file permissions because you (or somebody
  else) forgot to change their umask.
 [...]
 How does giving every user his own group make it easier for
 him to share files without system administrator's intervention?
 I couldn't quite get it, sorry I just woke up but I simply
 don't understand it. A small example?

It allows users to set their default umask to allow group access.  That way,
when they are working in their own directories, their files will only be
readable/writable/etc. by themselves, and when working in a shared directory,
the files will be readable/writable/etc. by other members of the group.  All
without having to change the umask or set any permissions manually.

-- 
 - mdz




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-26 Thread Hamish Moffatt
On Tue, Dec 26, 2000 at 12:38:28PM +0200, Eray Ozkural (exa) wrote:
 I always thought it was a paranoid kind of security feature
 in Debian. I might be wrong of course.
 
 How does giving every user his own group make it easier for
 him to share files without system administrator's intervention?
 I couldn't quite get it, sorry I just woke up but I simply
 don't understand it. A small example?

Sure. Let's say you have a pair of users, Jose and HoseB,
each with home directories in /home, with a single-user group each.
They have some confidential files which they keep in their home
directories and want to hide from each other.

They also work on a project together, in /project. They have another
group, which they both belong to, and all the files in /project
use that GID. There are other users on the system who are not
working on the project and who should not be able to look at
/project.

Jose and HoseB can set their umask to allow group read/write by
default. When they write to their home directories, the files
belong to their individual user groups, so nobody else can read
them. When they write in /project, the files belong to the project
group, so they can both read them. And nobody except Jose and HoseB
can read the files in /project either, because they're not world
read/writable.

Now, imagine if Jose and HoseB shared a 'users' group, which
their home directories used, as well as the project group. When
they write to their home directories, their files end up
group read/writeable to all users! 

Or if they set their umask to allow user read/write only, then 
they end up with files in /project which the other person 
can't read. They have to remember to fix file permissions all the time. 

This is a big nuisance. I spent months working on a project with
a shared directory without individual user groups. Worse yet, you
can end up with a CVS repository full of files with user-only
permissions (using a local CVS repository, rather than remote).

Of course this is not an issue if (a) you never need to share
files with a subset of users (use world read/write), or (b) you never 
need to share files at all (user read/write only).


 It populates the groups? I want only meaningful groups there.

Per-user groups are very meaningful, and are a good demonstration
of why Debian is a superior OS to many others.


Regards,
Hamish
-- 
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
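
The scenario described in the message above can be reproduced with the following added example, which is not part of the original thread. It creates files under umask 002, 022 and 077 in a private directory and in a stand-in for /project, and assumes Linux semantics, where new files take the directory's group only if the directory is setgid (mode 2770 here); the function names and temporary paths are made up for the illustration.

```python
import os
import stat
import tempfile


def create_with_umask(directory, name, mask):
    """Create a file with requested mode 0666 (what most programs ask for)
    under the given umask; return (permission bits, gid) of the result."""
    old = os.umask(mask)
    try:
        path = os.path.join(directory, name)
        os.close(os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, 0o666))
    finally:
        os.umask(old)
    st = os.stat(path)
    return stat.S_IMODE(st.st_mode), st.st_gid


def make_shared_dir(parent):
    """Hypothetical stand-in for /project: setgid, closed to other users.
    A supplementary group of the caller is used when one exists, so the
    group inheritance is visible; otherwise the primary group is kept."""
    path = os.path.join(parent, "project")
    os.mkdir(path)
    for gid in os.getgroups():
        if gid != os.getegid():
            try:
                os.chown(path, -1, gid)
                break
            except OSError:
                continue
    os.chmod(path, 0o2770)  # set after chown, which can clear the setgid bit
    return path


def demo():
    """Return {umask: outcome} for files created in both directories."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        home = os.path.join(top, "home")  # stand-in for a private home
        os.mkdir(home)
        project = make_shared_dir(top)
        project_gid = os.stat(project).st_gid
        for mask in (0o002, 0o022, 0o077):
            name = "file-%03o" % mask
            home_mode, _ = create_with_umask(home, name, mask)
            proj_mode, proj_gid = create_with_umask(project, name, mask)
            results[mask] = {
                "home_mode": home_mode,
                "project_mode": proj_mode,
                "group_can_write_in_project": bool(proj_mode & stat.S_IWGRP),
                "project_file_has_project_gid": proj_gid == project_gid,
            }
    return results


if __name__ == "__main__":
    for mask, r in demo().items():
        print("umask %03o: home %04o, project %04o, group-writable=%s, project gid=%s"
              % (mask, r["home_mode"], r["project_mode"],
                 r["group_can_write_in_project"],
                 r["project_file_has_project_gid"]))
```

Only umask 002 leaves the project files writable by the other group members; the same 0664 mode in a home directory is harmless only when the file's group is a single-member, per-user group.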




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-26 Thread Arthur Korn
Hi

Brian May wrote:
  Hamish == Hamish Moffatt [EMAIL PROTECTED] writes:
 
 Hamish On Tue, Dec 26, 2000 at 11:13:13AM +1100, Brian May wrote:
  However, the idea of one UID per daemon is (IMHO) a really
  horrible solution, too, as you end up having more UIDs for
  daemons than users.
 
 Hamish Why is that a problem? There are 65536 available UIDs.
 
 Some potential problems though:
 
 - easy to hide back-door entry point in /etc/passwd if lots of entries
 exist (eg. missing password field). Whether this is by mistake
 or done on purpose by an attacker is not important, but the fact it
 is harder to detect may be important.

Regular /etc/passwd checking is done by pretty rigid scripts
usually. It really does not matter how many entries there are in
/etc/passwd. Checking it by hand seems pointless to me.

 - As the number of entries grows, the chance that one/more entries
 will conflict with some NIS, openldap or remote NFS system increases.
 Especially since adduser, etc, do not support NIS or openldap.  I am
 not sure of the details here - can adduser assign a local user a UID
 that conflicts with that from some other source?

Then we should fix adduser and libc(PAM/NSS). I tried to get the
normal 'passwd' to change passwords on nis (well, passwdd; pam_unix
seems to be able to do this) but couldn't get it to work (I
hadn't that much time for it though).

 - harder to administrate /etc/passwd as more users exist.

Something that seems important to me: providing a way to use
fewer users/groups on some systems should be easy once every
daemon can have its own (adduser creating system accounts with
same UID/GID comes to mind). The other way round it's harder.

ciao, 2ri
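
A scripted check of the kind referred to above, as an added example that is not code from the thread or from Debian: it flags the empty password field and the shared UID discussed in this thread, plus malformed lines. The sample passwd content and the function name audit_passwd are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
ftpd::104:104::/home/ftp:/bin/sh
maint:x:33:33:maintenance:/tmp:/bin/sh
broken:x:notanumber
"""


def audit_passwd(text):
    """Return a sorted list of (line_number, account, finding) tuples."""
    findings = []
    by_uid = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # A truncated or mangled line is worth a look on its own.
            findings.append((lineno, fields[0],
                             "malformed entry: expected 7 fields"))
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if not uid.isdigit():
            findings.append((lineno, name, "non-numeric UID"))
            continue
        if password == "":
            # An empty second field means no password is required.
            findings.append((lineno, name, "empty password field"))
        by_uid[int(uid)].append((lineno, name))
    # Two names on one UID are the same identity to the kernel.
    for uid, entries in by_uid.items():
        if len(entries) > 1:
            names = ", ".join(n for _, n in entries)
            for lineno, name in entries[1:]:
                findings.append((lineno, name,
                                 "UID %d shared by: %s" % (uid, names)))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, name, finding in audit_passwd(SAMPLE_PASSWD):
        print("line %d (%s): %s" % (lineno, name, finding))
```

The number of entries does not change the work: the check is one pass over the file, so it behaves the same with a handful of daemon accounts or several hundred.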




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Brian May
 Russell == Russell Coker [EMAIL PROTECTED] writes:

Russell On Saturday 23 December 2000 09:13, KORN Andras wrote:
 I feel that there exists a general confusion among some Debian
 developers as to what user ids such as 'nobody' should be used
 for. I suggest that the policy be updated with relevant advice.

Russell Nobody should never be used.  If you use nobody then
Russell someone else will choose to use it for the same reasons
Russell and you end up with two programs sharing the same UID.
Russell The only solution is to have nothing use it as a matter
Russell of policy.

That's my opinion too. Any process run as nobody can be controlled by
another process run by nobody that has been compromised, via
signals, looking for secrets in core dump files, strace, gdb,
etc. (strace and gdb can both attach to a running program).

However, the idea of one UID per daemon is (IMHO) a really horrible
solution, too, as you end up having more UIDs for daemons than
users. The best solution, capabilities, is yet to be implemented in
the relevant software.


As for the issue that www-data shouldn't own any data files (now that
is a contradiction in names), that is less clear cut. People want
web pages to be

a) private, so access can be controlled via apache.
b) editable, so anyone in the www-data group can make changes.
c) read-only to the web server.

which is a conflicting list of goals unless ACLs are supported.
-- 
Brian May [EMAIL PROTECTED]




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Hamish Moffatt
On Tue, Dec 26, 2000 at 11:13:13AM +1100, Brian May wrote:
 However, the idea of one UID per daemon is (IMHO) a really horrible
 solution, too, as you end up having more UIDs for daemons than
 users. 

Why is that a problem? There are 65536 available UIDs.


Hamish
-- 
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Anand Kumria
On Tue, Dec 26, 2000 at 11:48:35AM +1100, Hamish Moffatt wrote:
 On Tue, Dec 26, 2000 at 11:13:13AM +1100, Brian May wrote:
  However, the idea of one UID per daemon is (IMHO) a really horrible
  solution, too, as you end up having more UIDs for daemons than
  users. 
 
 Why is that a problem? There are 65536 available UIDs.
 

And 2^32 when 32-bit UIDs become more widespread.

Anand

-- 
Linux.Conf.Au   --  http://linux.conf.au/
17th - 20th January,--  Alan Cox, David Miller,
Sydney, Australia   --  Tridge, maddog and you?




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Brian May
 Hamish == Hamish Moffatt [EMAIL PROTECTED] writes:

Hamish On Tue, Dec 26, 2000 at 11:13:13AM +1100, Brian May wrote:
 However, the idea of one UID per daemon is (IMHO) a really
 horrible solution, too, as you end up having more UIDs for
 daemons than users.

Hamish Why is that a problem? There are 65536 available UIDs.

Well yes and no. On most desktop systems there never will be a problem.

Some potential problems though:

- easy to hide back-door entry point in /etc/passwd if lots of entries
exist (eg. missing password field). Whether this is by mistake
or done on purpose by an attacker is not important, but the fact it
is harder to detect may be important.

- As the number of entries grows, the chance that one/more entries
will conflict with some NIS, openldap or remote NFS system increases.
Especially since adduser, etc, do not support NIS or openldap.  I am
not sure of the details here - can adduser assign a local user a UID
that conflicts with that from some other source?

- harder to administrate /etc/passwd as more users exist.
-- 
Brian May [EMAIL PROTECTED]




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Eray Ozkural (exa)
Brian May wrote:
 
 - harder to administrate /etc/passwd as more users exist.

I like using groups to give different sets of rights and I'm
annoyed by Debian giving every user his own group. Is that
really necessary?

cu,

-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Brian May
 exa == exa  Eray writes:

exa Brian May wrote:
 - harder to administrate /etc/passwd as more users exist.

exa I like using groups to give different sets of rights and I'm
exa annoyed by Debian giving every user his own group. Is that
exa really necessary?

I don't do that on my machine here. Just edit /etc/adduser.conf
Previously you had to be careful that the default umask was setup
correctly, not sure if this is an issue or not now.
-- 
Brian May [EMAIL PROTECTED]




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Nathan E Norman
On Tue, Dec 26, 2000 at 04:43:53AM +0200, Eray Ozkural (exa) wrote:
 Brian May wrote:
  
  - harder to administrate /etc/passwd as more users exist.
 
 I like using groups to give different sets of rights and I'm
 annoyed by Debian giving every user his own group. Is that
 really necessary?

It's useful when you're in a development environment where you've got
directories that are group writable.

On the other hand, I'd guess most large-scale development projects
now use CVS rather than group writable directories as a sharing
mechanism.

FWIW when I was a sysadmin I generally put all untrusted users in a
single group (or divided them into classes of groups).

Regards,

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Inc. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]   |   -- Patton




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Eray Ozkural (exa)
Nathan E Norman wrote:
 
 On Tue, Dec 26, 2000 at 04:43:53AM +0200, Eray Ozkural (exa) wrote:
  I like using groups to give different sets of rights and I'm
  annoyed by Debian giving every user his own group. Is that
  really necessary?
 
 It's useful when you're in a development environment where you've got
 directories that are group writable.
 
 On the other hand, I'd guess most large-scale development projects
 now use CVS rather than group writable directories as a sharing
 mechanism.

I put CVS users in a group called developers. Is that wrong?

Thanks,

-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Eray Ozkural (exa)
Brian May wrote:
 
  exa == exa  Eray writes:
 
 exa Brian May wrote:
  - harder to administrate /etc/passwd as more users exist.
 
 exa I like using groups to give different sets of rights and I'm
 exa annoyed by Debian giving every user his own group. Is that
 exa really necessary?
 
 I don't do that on my machine here. Just edit /etc/adduser.conf
 Previously you had to be careful that the default umask was setup
 correctly, not sure if this is an issue or not now.

Yep. I discovered that umask issue. I guess it's still a problem.

Thanks,

-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Brian May
 Eray == Eray Ozkural exa [EMAIL PROTECTED] writes:

Eray Yep. I discovered that umask issue. I guess it's still a
Eray problem.

zsh has in /etc/zshrc:

[[ $UID == $GID ]] && umask 002 || umask 022

My only dislike is it overrides my default setup in ~/.zshenv of 077.
It seems wrong to put this stuff in zshrc, that only gets used for
interactive shells. zshenv gets processed for all shells, but is run
before zshrc.
-- 
Brian May [EMAIL PROTECTED]




Re: Bug#80343: general: Lack of policy on which files should be owned by which user

2000-12-25 Thread Hamish Moffatt
On Tue, Dec 26, 2000 at 04:43:53AM +0200, Eray Ozkural (exa) wrote:
 I like using groups to give different sets of rights and I'm
 annoyed by Debian giving every user his own group. Is that
 really necessary?

No, but it's a good idea. It makes it much easier to work in
directories shared with other users (but not all users), because
you don't have to keep changing your umask all the time, or
even worse, fixing file permissions because you (or somebody
else) forgot to change their umask.

What's the harm in it?


Hamish
-- 
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]