Why does "root" own everything?

Stephen J. Friedl friedl at vsi.UUCP
Mon Mar 14 05:30:50 AEST 1988


In article <5209 at uwmcsd1.UUCP>, jgd at csd1.milw.wisc.edu (John G Dobnick,EMS E380,5727,) writes:

> After nosing around in source directories, and after looking at various
> installation scripts, I was struck by a curiosity.  After thinking about
> the file security features of UNIX, and their total lack of applicability
> to "root", I was even more struck by this same curiosity.
> 
> Why does "root" seem to "own" everything?  Why is almost *all* installed
> software (at least that which is supplied *with* the stock system) installed
> by "root"? [I think these are really two statements of the same question.]

A file simply being owned by root is not a security hole, and
some might call it a security feature.  Note that this is just my
preference and other wizards may not share it -- flames are
welcome.  It is indeed easy to screw up as root but just as easy
with "library" or "bin" because it is not as "important" as root
so your guard might be down a bit -- boy am I generalizing here :-).
Let's say that I can somehow break the "bin" login.  I just
replace (say) /bin/ls with my own program.  This program will do
an exec on the "real" ls but if it is being run by root it will
do something special for me.  Basically, files not owned by root
are prime targets for security breaches.  It turns out that
my machine has this bug: I can break the "bin" group and the /bin
directory is, by default:

   4 drwxrwxr-x   4 bin    bin     1680 Mar  6 04:49 /bin

I can write to /bin and have successfully gotten somebody to run my
phony ls as root. 

I can think of some convincing arguments on your side as well,
primarily related directly to your point of letting non-root do
system administration on a machine.  I'll let the other wizards
respond to that point.

> Subsidiary questions.  Is this organization historical?   Is it just laziness
> on the part of the [original/intermediate/recent] developers/distributors
> of UNIX?  Is this situation going to be addressed?  Is the situation different
> between the System V and Berkeley species of UNIX?  (We use the bsd variant,
> if that is really relevant to this issue.)

Root is the only uid whose number<-->name match is guaranteed on
all machines.  Tar and cpio and most other archiving programs
store the owner of a file as a number, not a name, and there is
the chance that the name upon read doesn't match the name upon
write.  This means that a file written with uid=1 (bin) might be
read as uid=1 (adm) and this is not necessarily what is wanted.

You ask a good question, and these are just my thoughts.

     Steve
-- 
Life : Stephen J. Friedl @ V-Systems, Inc./Santa Ana, CA   *Hi Mom*
CSNet: friedl%vsi.uucp at kent.edu  ARPA: friedl%vsi.uucp at uunet.uu.net
uucp : {kentvax, uunet, attmail, ihnp4!amdcad!uport}!vsi!friedl
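
An added example, not part of the original post: a Python audit of the condition described above, where a directory on root's search path is owned by or group-writable for a non-root account. The function names, the trusted uid/gid defaults and the numeric gid for "bin" are assumptions made for illustration; it goes beyond the single /bin case by walking every PATH entry and its parent directories.

```python
import os
import stat
from types import SimpleNamespace

# Constructed sample: the post's "drwxrwxr-x bin bin /bin" listing as stat
# fields. uid 1 for bin follows the post; gid 1 is an assumption.
POST_BIN = SimpleNamespace(st_uid=1, st_gid=1, st_mode=0o040775)

def risky_writers(st, trusted_uid=0, trusted_gids=(0,)):
    """List reasons a non-root account could add or replace files in a directory."""
    reasons = []
    if st.st_uid != trusted_uid:
        reasons.append(f"owned by uid {st.st_uid}, not root")
    if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
        reasons.append(f"group-writable by gid {st.st_gid}")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons

def audit_path(path_value):
    """Check each PATH directory and every parent up to /, since write access
    to a parent lets the directory itself be swapped out."""
    report = {}
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):
            report[entry or "."] = ["relative or empty PATH entry"]
            continue
        d = os.path.realpath(entry)
        while True:
            try:
                reasons = risky_writers(os.stat(d))
            except OSError:
                reasons = []          # missing directory: nothing to stat here
            if reasons:
                report[d] = reasons
            parent = os.path.dirname(d)
            if parent == d:
                break
            d = parent
    return report

if __name__ == "__main__":
    print("/bin as listed in the post:", risky_writers(POST_BIN))
    for directory, reasons in audit_path(os.environ.get("PATH", "")).items():
        print(directory, "->", "; ".join(reasons))
```

Run it as root, or with root's PATH substituted, so the directories checked are the ones root's shell actually searches.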


