Bugtraq mailing list archives

Re: Re: Bad Advise

From: pwh () bradley bradley edu (Pete Hartman)
Date: Tue, 26 Jul 94 15:46:07 -0500

Christopher W. Klaus wrote:
% Here is some advise from Sun that I highly recommend you DO NOT DO.
%           Make the home directory owned by ``ftp'' and unwritable
%           by anyone. 
% I highly recommend you change that to owned by ``root''.  
I was thinking about ownership of the whole ftp-tree by user `nobody'. Are
there any benefits to using `root' instead of `nobody'?


Seems that since NFS access defaults to "nobody" that this is probably
the most insecure possible permission if someone can get nfs access to
the tree.

Current thread:

coredumps on setuid programs. ddzehr () telecom ksu edu (Jul 22)
- Re: coredumps on setuid programs. George Boyce (Jul 22)
  - Bad Advise Christopher Klaus (Jul 24)
    - Re: Bad Advise smb () research att com (Jul 25)
    - Re: Bad Advise Christopher Klaus (Jul 26)
    - Re: Bad Advise Chris Ellwood (Jul 25)
    - Re: Bad Advise G.J.W. Hagenaars (Jul 26)
    - Re: Bad Advise Mark Moraes (Jul 26)
    - Re: Bad Advise Philip Yzarn de Louraille (Jul 27)
    - Re: Bad Advise jim () Tadpole COM (Jul 26)
    - Re: Re: Bad Advise Pete Hartman (Jul 26)
    - Re: Bad Advise Evil Pete (Jul 26)
    - Re: Bad Advise David Lawrence Oppenheimer (Jul 26)
    - Re: Bad Advise Harold van Aalderen (Jul 26)
    - Re: Bad Advise Christopher Klaus (Jul 26)
    - Re: Bad Advise Timothy Newsham (Jul 27)
    - -froot??? (AIX rlogin bug) Eric Wedaa (Jul 29)
    - Re: -froot??? (AIX rlogin bug) Aaron Eppert (Jul 29)
    - Re: -froot??? (AIX rlogin bug) Mark G. Scheuern (Jul 30)
    - Re: -froot??? (AIX rlogin bug) Alexander Haiut (Jul 30)
    - Re: -froot??? (AIX rlogin bug) Baba Z Buehler (Jul 30)

(Thread continues...)