Ron Heiby (The Moderator) <unix-request@cbosgd.UUCP> (03/19/85)
Unix Technical Digest Tue, 19 Mar 85 Volume 1 : Issue 29 Today's Topics: Non-root (assistant) System Admins number of open files Shells: programming and background pids ---------------------------------------------------------------------- Date: Mon, 18 Mar 85 12:31:59 pst From: ihnp4!trwrb!trwspp!spp2!jhull Subject: Non-root (assistant) System Admins When I was the UNIX system administrator at U of Tennessee at Knoxville, many moons ago (a young very dumb grad student), I found it helpful to change the ownership of many files from the as-distributed owners (usually root) to various assistant-system-administrator (asa) accounts, e.g., ingres or daemon. These asa accounts were made a part of the same group as root. I did it mostly to try to limit the damage I, as system administrator, might do, since at the time I knew nothing about UNIX & there I was recompiling the kernel, installing device drivers I had modified, etc. I no longer remember anything about what I assigned to which accounts, but the system did work & I was able to spin off a lot of my work to other grad students who had more interest in various parts of the system. Has anybody else looked at the potential protections afforded by having as little as possible owned by root, &, therefore, less risk if a user does get back his own shell with uid set? Blessed Be, Jeff Hull {decvax,hplabs,ihnp4,scdrdcf,ucbvax} 13817 Yukon Ave. trwrb!trwspp!spp2!jhull Hawthorne, CA 90250 [Ed note: This looks to me to be an excellent suggestion on how to improve overall system security by reducing to bare minimum the times that "root" is actually used. It has to be done carefully, though. Does anyone have any other examples of what can be done? RWH.] ------------------------------ Date: Mon, 18 Mar 85 11:24:22 est From: seismo!hadron!jsdy (Joseph S. D. Yao) Subject: number of open files > When you change a system header file like 'param.h', you'll have to > recompile all the system utilities which use that header file. > ... > [Ed note: I'm sure if it were as "easy" as just changing the header > file and re-compiling everything, that someone would have done it by > now. Let's be real careful out there! RWH.] I have done it. And it is and it isn't that simple. You see, there are people in our community who insist on n o t including system dependencies in their makefiles! (turrible, turrible, no?) Other than that -- yes, it is that simple. The major problems include: the size of the u-area changes, so all debuggers must be recompiled; 'ps' (of course) must be re-compiled; certain programs that close all file decriptors before exec-ing things (like shells, login, init, whatever, depending on your versions of each: also, editors, viewers, menu programs ...); and, as said before, anything that includes param.h or user.h. THEN, you have to go after the programs that hard-coded the define or (*shudder*) the constant into their code. ;-)/;-( Joe Yao hadron!jsdy@seismo.{ARPA,UUCP} Hadron, Inc. {seismo,prcrs,luhsavs,netex,isi}!hadron!jsdy [Ed note: Oh. RWH] ------------------------------ Date: Mon, 18 Mar 85 09:14:05 est From: sja@ih1ap.uucp Subject: Shells: programming and background pids > Here is an alias we use to kill off selected or all jobs. Instead of doing all that shell processing, this simple C program will kill all processes for the effective uid: #include <stdio.h> #include <sys/signal.h> #include <pwd.h> /* Kill all processes whose real user ID is equal to the effective * user ID of the invoker of this command. Sends a SIGTERM * to all processes, waits 10 seconds, and sends a SIGKILL to * any processes that weren't paying attention. */ main(argc, argv) int argc; char *argv[]; { struct passwd *getpwuid(); struct passwd *passwd; char s[512]; if ((passwd = getpwuid(geteuid())) == NULL) { fprintf(stderr,"%s: ERROR: Can't get effective uid\n", argv[0]); exit(1); } printf( "Are you sure you want to blow away all processes owned by uid [%s]\n", passwd -> pw_name); printf("Enter (y,n): "); gets(s); if (s[0] == 'y' || s[0] == 'Y') { signal(SIGTERM,SIG_IGN); kill(-1,SIGTERM); sleep(10); kill(-1,SIGKILL); } } ------------------------------ End of Unix Technical Digest ****************************** -- Ronald W. Heiby / ihnp4!{wnuxa!heiby|wnuxb!netnews} AT&T Information Systems, Inc. Lisle, IL (CU-D21)