[comp.unix.ultrix] System management and system file protection

crowston@athena.mit.edu (Kevin Crowston) (12/03/89)

I'm the new system manager of a small network of unix boxes (both Mac AU/X
and DecStation 3100 Ultrix).  I've been using UNIX for a while, so I'm
pretty comfortable with the commands and all, but I'm not really
sure what all I should be doing with them.  The documentation is pretty
good about how to do things, less good about what to do (to be fair,
I don't have all the Ultrix manuals).

The question I have right now is about setting up useful protections
on all the various files (like /etc/passwd, /usr/lib/aliases, etc.).
I'm not especially worried about malicious attacks, but I do want to
minimize the chance of accidents.  (I'm afraid one of these days I'll 
accidentally type rm * somewhere I shouldn't.)  For that reason, I
want to minimize the amount of stuff that you need to be super-user
to do, while still restricting it to a known group of users.  

What I've thought about doing is creating a group, like operator, and
giving that group read/write permissions on files like /etc/passwd,
/usr/lib/aliases, the root mail box, so that such a person can do all
the various routine maintenance operations without being a super-user.
Also, I'm planning to put most mailing lists in :included files and
making these publicly writeable so people can add themselves to 
mailing lists and take themselves off.

Does this sound like a reasonable approach?  What other arrangements
do people use and like and recommend?  What files have I forgotten
about?  (Actually, if there are other helpful hints you have for
running a small network or pointers to articles that talk about this, 
that'd be interesting too.  Even weekly lists of chores, so I can check 
if I'm forgetting something...)

Finally, I seem to remember reading about a utility that looked through
the file system for common security holes.  Does anyone have a pointer
to such a program or perhaps even to an article about it?

Kevin Crowston

steveg@umd5.umd.edu (Steve Green) (12/03/89)

In article <1989Dec2.214424.5719@athena.mit.edu> crowston@athena.mit.edu (Kevin Crowston) writes:
< all kinds of stuff deleted >
>
>What I've thought about doing is creating a group, like operator, and
>giving that group read/write permissions on files like /etc/passwd,
>/usr/lib/aliases, the root mail box, so that such a person can do all
>the various routine maintenance operations without being a super-user.
>
< all the rest deleted >
Anyone who has write permission on /etc/passwd might as well be given the root
password.  Also, anyone that is doing work on a machine should not be in a mode
where he/she can do any damage.  That is, let users be users and give out the
root password to any {trusted} users that will need it.
What kinds of stuff do you want to let people do that they can't already do and
yet, not give them root power?
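An added example, not posted by anyone in this thread: a small portable sh script that audits a list of system files (the ones Kevin proposes opening up, such as /etc/passwd, /usr/lib/aliases and :include: list files) and reports any that are group- or world-writable, which is exactly the exposure Steve describes. Function names and the sample files it builds under /tmp are my own constructions; it relies only on ls(1) and sh(1) so it should run on an old Ultrix box as well as a modern system.

```sh
#!/bin/sh
# Audit files for group/world write bits. Added example, not from the thread.
# Write access to /etc/passwd is root-equivalent, and sendmail :include:
# files can name programs to run, so neither should be broadly writable.

# Print the ten-character symbolic mode string of a path, e.g. -rw-r--r--.
# cut drops any trailing ACL/SELinux marker some ls versions append.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# True (exit 0) if the group write bit (column 6) or the other write bit
# (column 9) is set in the mode string.
is_group_or_world_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one warning line per group/world-writable file in the argument list.
# Missing files are skipped so a single list can serve several machines.
audit_files() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        if is_group_or_world_writable "$f"; then
            printf 'WARNING: %s is group/world-writable (%s)\n' "$f" "$(mode_of "$f")"
        fi
    done
}

# Echo how many of the given files are group/world-writable (for scripting).
count_writable() {
    n=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if is_group_or_world_writable "$f"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# --- demonstration on constructed sample files, not the real system files ---
demo_dir=/tmp/permcheck.$$
mkdir "$demo_dir"
: > "$demo_dir/passwd";     chmod 644 "$demo_dir/passwd"      # root-only write: fine
: > "$demo_dir/aliases";    chmod 664 "$demo_dir/aliases"     # group-writable: reported
: > "$demo_dir/staff-list"; chmod 666 "$demo_dir/staff-list"  # world-writable :include: file: reported
audit_files "$demo_dir/passwd" "$demo_dir/aliases" "$demo_dir/staff-list"
rm -rf "$demo_dir"
```

For real use, replace the demonstration list with the files you actually care about, e.g. `audit_files /etc/passwd /usr/lib/aliases /usr/lib/aliases.dir /usr/lib/aliases.pag /usr/lib/lists/*`, and run it from cron so that a permission loosened by accident is noticed the next morning rather than months later.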

crowston@athena.mit.edu (Kevin Crowston) (12/03/89)

I'm sorry I wasn't clearer in my message.  I'm not particularly
concerned about people breaking into superuser mode; in fact, on
our systems the root password is generally known.  What I want is
to make routine day-to-day operations not need to be root.  
This is mostly personal preference; I think it's overkill to be
able to do anything when in fact you mostly only want to do one
or two things and possibly dangerous when some of the people
doing the things aren't total hackers.  Furthermore, routine use
of super-user mode makes it less likely you stop and think
about what you're doing; after all, you do it all the time, right?

My impression is that Unix system management assumes a manager with 
the root password and a lot of knowledge and caution and a community of
essentially powerless users who ask the manager to do things.
However, as Unix works its way down to personal workstations and
microcomputers, I don't think that model is so applicable.  In 
particular, in our group I trust everyone's intentions and would
prefer to let them do the things they want rather than having to
do them myself; I just wish there were a way to make routine things
easy and more dangerous things hard (or rather, to put up enough
of a barrier that people stop to think about what they're doing and
maybe ask for help).  

Kevin Crowston

krs0@GTE.COM (Rod Stephens) (12/04/89)

In article <5719@umd5.umd.edu> steveg@umd5.umd.edu (Steve Green) writes:
>In article <1989Dec2.214424.5719@athena.mit.edu> crowston@athena.mit.edu (Kevin Crowston) writes:
>< all kinds of stuff deleted >
>>
>>What I've thought about doing is creating a group, like operator, and
>>giving that group read/write permissions on files like /etc/passwd,
< lots deleted >

>Anyone who has write permission on /etc/passwd might as well be given the root
>password.  Also, anyone that is doing work on a machine should not be in a mode
< lots more deleted >

While it is true that anyone with write permission on /etc/passwd can
break the system wide open, I think the idea is to protect the person
from accidentally doing something stupid. I must confess that I once
forgot that I was logged on as root and blew away about half of my
operating system.
-- 
Rod Stephens
GTE Laboratories, Inc
(617)466-4182