SUMMARY: Improving security: who should own /etc ?

From: Ole Holm Nielsen (
Date: Thu Mar 12 1992 - 23:30:22 CST

My original question:

>Our local security guru has given us some very convincing arguments why
>the /etc directory should NOT be owned by user "bin", as it is
>installed by the default SunOS installation. It is all too easy to
>masquerade as user bin, and thereby get write-access to the /etc
>directory, with all sorts of nasty security implications. The
>recommended ownership of /etc is "root".
>Before doing this security measure on all of our machines, I would like
>to know if changing the ownership of /etc to "root" has any adverse
>effects ? Does anybody out there run their system in this mode ?

The answers were unanimous: Get the Sun patch 100103-10, which is a
script setting the permissions etc. of lots of files to more secure values.
I got my copy from in pub/sun-fixes/sunos4.1.1.
The README file goes like this:

Patch-ID# 100103-10
Keywords: security
Synopsis: SunOS 4.1.1, 4.1:script to change file permissions to a more secure mode
Date: 30-Sept-91
SunOS release: 4.1 4.1.1
Unbundled Product:
Unbundled Release:
BugId's fixed with this patch: 1046817 1047044 1048142 1054480 1037153 1039292 1042662

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c

Obsoleted by: 5.0

Problem Description:
        File permissions on numerous files were set incorrectly in the build
        tape of 4.1 FCS. This script changes them back to what they should


MUST be run as root.

        # chmod 710 (restrict execution to root)
        # sh (run the script)

My thanks go to these people: (Ivan Dean) (Bede W P Seymour)
"John D. Barlow" <>
pln@egret1.Stanford.EDU (Patrick L. Nolan)
Travis L Priest <> (Jon Gilbert Wright) (Tom Barron)
Steinar Haug <>
Reino de Boer <>

Thanks, once again, for this marvelous list !
Ole Holm Nielsen
Laboratory of Applied Physics, Building 307
Technical University of Denmark, DK-2800 Lyngby, Denmark
Telephone: (+45) 42 88 24 88 ext. 3187
Telefax: (+45) 45 93 23 99
Permanent address:
UNI-C, Building 305
Technical University of Denmark, DK-2800 Lyngby, Denmark
Telephone: (+45) 42 88 39 99 (dial-tone) 2404 or 2244

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:39 CDT