On Tuesday 04 March 2003 23:20, Daniel Carrera wrote: > Hello, > > I have a question about system security. I have an idea and I was hoping > that someone could tell me whether it's good or bad. > > For a single-user computer, I would normally have only two accounts: root > and (say) 'dcarrera' -- a regular user account. Since I install stuff > very often, I would add 'dcarrera' to the 'wheel' group, so I can su to > root. > > Now, here is my idea. Create a third user, 'admin'. Add 'admin' to the > 'wheel' group instead of dcarrera, but give admin the ability to install > regular packages. In other words, admin would have write access to /usr. > > So, when I want to install a regular package I would su to admin. And > when I need to do something more (like modify /etc, /boot, /bin, etc) I > would su again to become root. > > I figure that this would be good because 'admin' would not be able to > access any of the truly crucial components of the system. > > Would this be a good idea?
Except that you would get permission hell when you install as root, and that you need to manually modify suid applications, I believe there are no real security implications to this. I think you can better look into some kernel based security packages though that work with capabilities. While hell to setup they are even more secure and also make that you cannot that easilly rm -rf / yourself. Paul -- Paul de Vrieze Researcher Mail: [EMAIL PROTECTED] Homepage: http://www.cs.kun.nl/~pauldv
pgp00000.pgp
Description: signature
