[mod.unix] Unix Technical Digest V1 #29

Ron Heiby (The Moderator) <unix-request@cbosgd.UUCP> (03/19/85)

Unix Technical Digest       Tue, 19 Mar 85       Volume  1 : Issue  29

Today's Topics:
                  Non-root (assistant) System Admins
                         number of open files
               Shells: programming and background pids
----------------------------------------------------------------------

Date: Mon, 18 Mar 85 12:31:59 pst
From: ihnp4!trwrb!trwspp!spp2!jhull
Subject: Non-root (assistant) System Admins

When I was the UNIX system administrator at U of Tennessee at
Knoxville, many moons ago (a young very dumb grad student), I found it
helpful to change the ownership of many files from the as-distributed
owners (usually root) to various assistant-system-administrator (asa)
accounts, e.g., ingres or daemon.  These asa accounts were made a part
of the same group as root.  I did it mostly to try to limit the damage
I, as system administrator, might do, since at the time I knew nothing
about UNIX & there I was recompiling the kernel, installing device
drivers I had modified, etc.

I no longer remember anything about what I assigned to which accounts,
but the system did work & I was able to spin off a lot of my work to
other grad students who had more interest in various parts of the
system.

Has anybody else looked at the potential protections afforded by
having as little as possible owned by root, &, therefore, less risk if
a user does get back his own shell with uid set?

 Blessed Be,

 Jeff Hull            {decvax,hplabs,ihnp4,scdrdcf,ucbvax}
 13817 Yukon Ave.         trwrb!trwspp!spp2!jhull
 Hawthorne, CA 90250

[Ed note: This looks to me to be an excellent suggestion on how to
improve overall system security by reducing to bare minimum the times
that "root" is actually used.  It has to be done carefully, though.
Does anyone have any other examples of what can be done?  RWH.]

------------------------------

Date: Mon, 18 Mar 85 11:24:22 est
From: seismo!hadron!jsdy (Joseph S. D. Yao)
Subject: number of open files

> When you change a system header file like 'param.h', you'll have to
> recompile all the system utilities which use that header file.
> 	...
> [Ed note:  I'm sure if it were as "easy" as just changing the header
> file and re-compiling everything, that someone would have done it by
> now.  Let's be real careful out there!  RWH.]

I have done it.  And it is and it isn't that simple.
You see, there are people in our community who insist on  n o t
including system dependencies in their makefiles!  (turrible,
turrible, no?)  Other than that -- yes, it is that simple.  The
major problems include: the size of the u-area changes, so all
debuggers must be recompiled;  'ps' (of course) must be re-compiled;
certain programs that close all file descriptors before exec-ing
things (like shells, login, init, whatever, depending on your
versions of each: also, editors, viewers, menu programs ...);
and, as said before, anything that includes param.h or user.h.

THEN, you have to go after the programs that hard-coded the define
or (*shudder*) the constant into their code.	;-)/;-(

	Joe Yao		hadron!jsdy@seismo.{ARPA,UUCP}
	Hadron, Inc.	{seismo,prcrs,luhsavs,netex,isi}!hadron!jsdy

[Ed note: Oh.  RWH]
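
Added example, not part of the original digest and not the poster's code: the "close all file descriptors before exec-ing" loop with the limit compiled in, beside a version that asks the running kernel via getrlimit(). OLD_NOFILE, SCAN_CAP and all function names are hypothetical, and a POSIX system is assumed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

#define OLD_NOFILE 20     /* assumed compile-time table size from an old param.h */
#define SCAN_CAP   65536  /* assumed ceiling when the limit is unbounded or huge */

/* Close every descriptor in [lowfd, max); return how many were actually open. */
static int close_fds_below(int lowfd, long max)
{
    int closed = 0;
    for (long fd = lowfd; fd < max; fd++)
        if (close((int)fd) == 0)
            closed++;
    return closed;
}

/* The pattern the post warns about: the limit is baked into the binary. */
int close_fds_hardcoded(int lowfd)
{
    return close_fds_below(lowfd, OLD_NOFILE);
}

/* Ask the running kernel for the current limit instead of trusting a header. */
long fd_scan_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_cur == RLIM_INFINITY
        || rl.rlim_cur > SCAN_CAP)
        return SCAN_CAP;
    return (long)rl.rlim_cur;
}

int close_fds_runtime(int lowfd)
{
    return close_fds_below(lowfd, fd_scan_limit());
}

int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; } /* 1 if still open */

int main(void)
{
    int leaked = fcntl(1, F_DUPFD, 40);  /* constructed leak: copy of stdout at fd >= 40 */
    close_fds_hardcoded(3);
    printf("hard-coded loop: fd %d open=%d\n", leaked, fd_is_open(leaked));
    close_fds_runtime(3);
    printf("runtime loop:    fd %d open=%d\n", leaked, fd_is_open(leaked));
    return 0;
}
```

A binary built with the old constant leaves any descriptor numbered above it open across the exec, so the child inherits files the parent meant to close.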

------------------------------

Date: Mon, 18 Mar 85 09:14:05 est
From: sja@ih1ap.uucp
Subject: Shells: programming and background pids

> Here is an alias we use to kill off selected or all jobs.

Instead of doing all that shell processing, this simple C program will
kill all processes for the effective uid:

	#include	<stdio.h>
	#include	<stdlib.h>
	#include	<signal.h>
	#include	<unistd.h>
	#include	<pwd.h>
	
	/*  Kill all processes whose real user ID is equal to the effective
	 *  user ID of the invoker of this command.  Sends a SIGTERM
	 *  to all processes, waits 10 seconds, and sends a SIGKILL to
	 *  any processes that weren't paying attention.
	 */
	
	int main(int argc, char *argv[])
	{
		struct	passwd *passwd;
		char	s[512];
	
		/* look up the login name that goes with the effective uid */
		if ((passwd = getpwuid(geteuid())) == NULL) {
			fprintf(stderr,"%s: ERROR: Can't get effective uid\n",
				argv[0]);
			exit(1);
		}
	
		printf(
	 "Are you sure you want to blow away all processes owned by uid [%s]\n",
			passwd -> pw_name);
		printf("Enter (y,n): ");
		fflush(stdout);
		/* fgets() bounds the read to s; gets() would overflow it on long input */
		if (fgets(s, sizeof s, stdin) == NULL)
			exit(1);
		if (s[0] == 'y' || s[0] == 'Y') {
			/* ignore SIGTERM ourselves so we live to send the SIGKILL */
			signal(SIGTERM,SIG_IGN);
			/* pid -1: every process this uid is permitted to signal */
			kill(-1,SIGTERM);
			sleep(10);
			kill(-1,SIGKILL);
		}
		return 0;
	}

------------------------------

End of Unix Technical Digest
******************************
-- 
Ronald W. Heiby / ihnp4!{wnuxa!heiby|wnuxb!netnews}
AT&T Information Systems, Inc.
Lisle, IL  (CU-D21)