NFS security (was Re: Complex security mechanism is unsecure)
Masataka Ohta
mohta at necom830.cc.titech.ac.jp
Fri Dec 21 02:50:02 AEST 1990
In article <13995 at celit.fps.com> hutch at fps.com (Jim Hutchison) writes:
>From there we've observed that daemon and uucp are not all that great to get
>from workstation X either.
On 4.3BSD, /usr/bin/{at,atq,atrm} is owned by daemon.
On SunOS3.5 (we are still mainly using it because it is simple, fast and
stable), in.syslogd (executed from /etc/rc.local) is owned by daemon.
On SunOS4.0, (or, maybe, 4.0.3, I'm not sure) /usr/bin/yp is owned by bin.
>This issue has been addressed by the folks over at MIT where everyone can
>(atleast did) log into lab workstations as root. For a discussion of
>Kerberos and how it works with NFS,
I don't know much about Kerberos, so, Kerberos may have solved most (or all)
of the problem.
Anyway, forget about NFS (because it is already complex and thus not
appropriate as a simple example), and consider the relationships of
/etc/hosts.equiv, /.rhosts and ~/.rhosts.
On RISC/os 4.51, most commands are owned by bin, but still, BSD semantics
is maintained as for /etc/hosts.equiv, /.rhosts and ~/.rhosts.
Finally, on many systems, commands related to news are owned by news and
many local administrative news are posted by root.
Masataka Ohta
More information about the Comp.unix.internals
mailing list