*BSD News Article 88515


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!cloudbreak.rs.itd.umich.edu!newsxfer3.itd.umich.edu!howland.erols.net!news.mathworks.com!fu-berlin.de!news.belwue.de!news.uni-ulm.de!rz.uni-karlsruhe.de!not-for-mail
From: uk1o@rzstud2.rz.uni-karlsruhe.de (Felix Schroeter)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: make a user root
Date: 4 Feb 1997 17:42:41 +0100
Organization: University of Karlsruhe, Germany
Lines: 30
Message-ID: <5d7ou1$11v@rzstud2.rz.uni-karlsruhe.de>
References: <ttt5-2801972101520001@help.schap.rhno.columbia.edu> <5cmgot$fap$1@tabby.kudra.com> <s9n20b44k2i.fsf@suncog13.forwiss.tu-muenchen.de>
NNTP-Posting-Host: rzstud2.rz.uni-karlsruhe.de
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:35118

Hello!

In article <s9n20b44k2i.fsf@suncog13.forwiss.tu-muenchen.de>,
Walter Hafner  <hafner@suncog13.forwiss.tu-muenchen.de> wrote:
>[... good hints about the least privilege principle ...]

>Example: When installing software, always work as ordinary user and 'su'
>only for the final installation step!

There I contradict. I have my system source under /usr/src (full base system)
and local installations under /usr/src/local (if I have BSD style makefiles
or makefile wrappers for them) or /usr/src/local.nowrapper (custom makefiles).

And by a personal principle, nothing under /usr/src should be non-root
writeable. So a system rebuild (or a software addition to local or
local.nowrapper) has to run as root not only in the final install step.

>[...]

>tar zcf /dev/rsd0 *

I *like* BSD's secure mode.

>[...]

>Right! I have very good experiences with sudo!

Dito (felix = (all) all works wonder)

Regards, Felix.