Date: Thu, 3 Feb 2000 18:29:35 -0500
From: Chris Hill <chris@monochrome.org>
To: Alfred Perlstein <bright@wintelcom.net>
Cc: FreeBSD Questions list <freebsd-questions@FreeBSD.ORG>
Subject: Re: security for non-root sysadmins
Message-ID: <v03007802b4bfbe372f85@[192.168.0.3]>
In-Reply-To: <20000203092944.L25520@fw.wintelcom.net>
References: <Pine.BSF.4.21.0002031540210.14099-100000@dogma.freebsd-uk.eu.org>; from jcm@dogma.freebsd-uk.eu.org on Thu, Feb 03, 2000 at 03:56:32PM +0000 <Pine.BSF.4.21.0002031540210.14099-100000@dogma.freebsd-uk.eu.org>

Alfred Perlstein <bright@wintelcom.net> wrote,

>* Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org> [000203 08:23] wrote:
>>
>> Okay, one thing I have learned here is to use a user account for as
>> much admin as possible. I use su to do the rest. I also read
>> somewhere that if I change the permissions on /usr/ports/distfiles and
>> one other directory (work?) I can make ports without being root. What
>> directory is that? Are there any other changes like these I can make
>> that will mean spending less time as root for admin tasks, like
>> building work or kernel? Is there a security risk in changing these
>> directory permissions to less strict settings?
>
>Yes, if you are too lax on your permissions all one needs to do is
>modify a file within your source/ports tree to have a trojan'd program
>installed when you do "make install/installworld"

I seem to recall reading on this list that some (all?) ports have some sort of ownership issue, which is automatically corrected if root does the install. Personally, I've had a couple of port installs fail when I did them as a user su'd to root, but then the same install succeeds when I actually log in as root.

This is why I do my port installations as root. Plus, I don't have to monkey with permissions on /usr/ports/distfiles or anything else. To maintain a degree of safety, I log root out as soon as the install is done.

--
Chris Hill chris@monochrome.org
[place witty saying here]

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v03007802b4bfbe372f85>
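
The risk raised in the quoted reply (a source or ports tree that a non-root account can modify) can be checked before building, as in this added example, which is not part of the original thread. The helper name `audit_tree` is hypothetical, and the expectation that the whole tree belongs to one owner is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. audit_tree is a hypothetical helper.
# Usage: audit_tree TREE OWNER   (OWNER is a user name or numeric uid)
# Prints "WRITABLE <path>" for entries writable by group or other, and
# "OWNER <path>" for entries not owned by OWNER.
# Returns 0 when the tree is clean, 1 on findings, 2 on a bad argument.
audit_tree() {
    at_tree=$1
    at_owner=$2
    if [ ! -d "$at_tree" ] || [ -z "$at_owner" ]; then
        echo "usage: audit_tree TREE OWNER" >&2
        return 2
    fi
    at_findings=$(
        # Group- or world-writable files and directories: anyone holding
        # that access can alter what a later "make install" runs.
        # Symlinks are skipped because their own mode bits are not enforced.
        find "$at_tree" ! -type l \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/WRITABLE /'
        # Entries owned by someone else: the owner can always chmod and
        # rewrite them, whatever the current mode bits say.
        find "$at_tree" ! -user "$at_owner" -print | sed 's/^/OWNER /'
    )
    [ -n "$at_findings" ] || return 0
    printf '%s\n' "$at_findings"
    return 1
}
```

Running `audit_tree /usr/ports root` before an install as root lists every path that the relaxed permissions discussed in the thread would leave open to modification.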