Personally, I have my jumpstart create /root (root:root 700) and modify root's homedir to /root. I leave the root shell alone since I do most of my work with RBAC or sudo. Interestingly, many security auditors like to see root's home directory in /root so that users/hackers can't see root's "." files. I agree this is a good security measure and makes sense. I have not seen any applications have issues over the years because of this.
As for daemons or processes owned by daemon, sys, etc.. I don't think they should be dumping anything into / for the same reasons. Do they need their own home dir? I don't know. I haven't seen anything in / that shouldn't be. Then again, most sites disable most of the services for security reasons. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Octave J. Orgeron Solaris Systems Engineer http://www.opensolaris.org/os/community/sysadmin/ http://unixconsole.blogspot.com [EMAIL PROTECTED] *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* ----- Original Message ---- From: Darren J Moffat <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [email protected]; James Carlson <[EMAIL PROTECTED]> Sent: Thursday, January 25, 2007 9:49:19 AM Subject: Re: [osol-discuss] Re: Re: SXCR Build 55 available [EMAIL PROTECTED] wrote: >> Brian McCafferty writes: >>> Can someone tell me what the reason is for the creation of /root? >>> Why do you make the root home directory no longer the root? I'm a >>> little confused what purpose this serves. >> It seems to be a Linicism. >> >> If you log into your system as root, you'll eventually end up with a >> lot of trash littering the / directory. That's unattractive, so >> hiding it away under some directory (still on the root file system) is >> a plus. >> >> But I think you have to be in the bad habit of logging in as root >> first. > > > To me, it also goes against the grain of Unix; one of the reasons why root > is called root is because he lives there. For consistency, we should have > renamed the superuser account to "slashroot" So why do, daemon, sys, nobody, and noaccess cohabitate with him ? Is the real "bug" here that they all use "/" as their home dir ? -- Darren J Moffat _______________________________________________ opensolaris-discuss mailing list [email protected] ____________________________________________________________________________________ Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html _______________________________________________ opensolaris-discuss mailing list [email protected]
