/ owned by bin causes sshd to complain bad ownership

Dag-Erling Smørgrav des at des.no
Sat Jun 23 15:35:47 UTC 2012


Garance A Drosehn <gad at FreeBSD.org> writes:
> At one time I read that having directories/files owned by root was a
> security benefit when considering the -maproot=<x> for NFS exports.
> All unix systems recognize UID=0 means root, and there is no other
> UID which all unix systems agree on.  Disclaimer:  I rarely use NFS,
> so I don't really pay attention to the details.  I may have the wrong
> idea for what the advantage is, but it was some kind of connection
> with UID=0 and NFS exports or imports.

-maproot=foo means that requests coming from root on the client are
treated as if they came from the user "foo" instead.

If binaries are owned by bin, root on the client can su to bin and
modify them.  If they are owned by root and the server maps root to an
unprivileged user (e.g. "nobody"), root on the client can't touch them.

DES
-- 
Dag-Erling Smørgrav - des at des.no
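
Added example, not part of the original message: a shell check that lists entries in an exported tree whose owner is not root, i.e. the ones the reply says -maproot does not protect. The function names `not_owned_by` and `audit_export` are hypothetical, and `find -uid` is assumed to be available (BSD and GNU find both provide it).

```shell
#!/bin/sh
# Added example: audit an NFS-exported tree for entries not owned by uid 0.
# -maproot only remaps requests that arrive as root; a request that arrives
# as any other user (e.g. bin) is checked against that user, so entries
# owned by that user stay modifiable from the client.

# not_owned_by DIR [UID]
# Print every entry under DIR whose owner is not UID (default 0).
# -xdev keeps the walk on one file system, matching a single export.
not_owned_by() {
    find "$1" -xdev ! -uid "${2:-0}" -print
}

# audit_export DIR [UID]
# Print a long numeric listing of the offending entries.
# Returns 0 when the tree is clean, 1 when anything was found.
audit_export() {
    report=$(find "$1" -xdev ! -uid "${2:-0}" -exec ls -ldn {} +)
    if [ -n "$report" ]; then
        printf 'Not owned by uid %s under %s:\n%s\n' "${2:-0}" "$1" "$report"
        return 1
    fi
    printf 'OK: everything under %s is owned by uid %s\n' "$1" "${2:-0}"
    return 0
}

# Typical use on the server, once per exported directory:
#   audit_export /usr/bin
```

The second argument exists only so the check can be exercised without root privileges; on a real export leave it at the default of 0.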

