Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Jun 2013 17:18:34 +0000 (UTC)
From:      jb <jb.1234abcd@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: A very 'trivial' question about /root
Message-ID:  <loom.20130628T190502-990@post.gmane.org>
References:  <1372407002.6831.34.camel@blackfriar.inhio.eu> <201306281325.r5SDPitf054224@fire.js.berklix.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Julian H. Stacey <jhs <at> berklix.com> writes:

> 
> jb.1234abcd <at> gmail.com 's ref to
> 	https://bugzilla.redhat.com/show_bug.cgi?id=578470
> relates to Linux upgrade procedures & /root
> I don't see it affects how we should perceive an idealised Unix.
> 

The upgrade was a canary that told the user there is a problem.

The idealized UNIX is standardized.
According to Filesystem Hierarchy Standard (FHS), a UNIX standard:

"
/root : Home directory for the root user (optional)
Purpose
The root account's home directory may be determined by developer or local
preference, but this is the recommended default location. [17]

[17] If the home directory of the root account is not stored on the root
partition it will be necessary to make certain it will default to / if it
can not be located.
"

The above means that there has to be implied equivalency and consistency of
permisssions between /root and / in order to ensure trouble-free operation
of any process that may rely on any of them.

That Linux case I referred to was a case about a system that relied on
the above 0755 setup for /root dir, with an interesting twist of having it
as a dummy account/dir for consistency, but having other accounts play
the role of a superuser.

Another example:
some app (perhaps an installer) runs as non-root (e.g. Apache) user and
needs to be able to read the root ssh public key from /root dir.

There could be many such apps, accessing a front-end system, having to
check for permission in /root dir for whatever they want to do, anywhere
in sys admin, remote control, management, installation, etc areas.

By changing this default you may ambush many unsuspecting users.

jb







Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?loom.20130628T190502-990>