SUMMARY: Moving Root's Home Directory

From: Jim Sauer (jsauer@dticam.dtic.mil)
Date: Tue Aug 22 2000 - 08:59:34 CDT


Probably at least 25 responses, and pretty much entirely in
agreement with each other.
Thanks to all.

I'll quote Josh Wyatt who summarized it very well.

(The only other thing is to keep yourself logged in as you do it
and open up another session to confirm it works okay.)

***
>Hi Jim,
I would suggest the following guidelines when moving root's home:
1. Make sure it is a subdirectory of / that is *not* a mount point! It
must exist on the device / is mounted on, in other words. So if /users
is a separate filesystem, do not put root's home there. You will
inevitably need to login as root one day without all filesystems
mounted.
2. chmod 700 root's new home directory.
3. put a fairly basic and restrictive .profile in the new home
directory. Something like this:

# an informative prompt
PS1="`/usr/bin/uname -n`# "
# cleanup root's path
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb
export PATH
export PS1
# all files created will be mode 600
umask 077
# limit coredumps to zero 512-byte blocks
ulimit -c 0

4. Don't change root's shell. Some will say it can be done, and they
are right... But it's a bad idea. Lots of shell scripts expect to be
run from within /sbin/sh, including some init scripts.
***

-----------------------------------------------------------------------------
>
> Some security guidelines want me to move root's home directory.
> Root's home dir is currently "/".
>
> If I move root's home directory to something like "/users/root",
> what concerns or issues do I need to resolve before doing such a
> change? Is it just .dtprofile, .profile, .login, .cshrc ?
> (I'm hesitant to "experiment", since I think one could "disable"
> proper login to the root acct.)
>
> Thanks,
> Jim

Jim Sauer
Defense Technical Information Center
NAS North Island, Bldg 1482, Box 357011
San Diego, CA 92135-7011

619-545-8789
jsauer@dticam.dtic.mil
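
An added example, not part of the original post: a Bourne-shell audit of the quoted guidelines (home on the / filesystem, mode 700, shell left as /sbin/sh) that can be run from the second session before logging out. The function names are assumptions, and it expects a passwd-format file such as /etc/passwd as its single argument.

```sh
#!/bin/sh
# Added example: audit root's home directory against the quoted guidelines.
# Function names and any sample data are assumptions, not from the post.

# Guideline 1: the directory must sit on the filesystem mounted at /.
# "df -P" prints the mount point as the last field of its second line.
on_root_fs() {
    mp=`df -P "$1" 2>/dev/null | awk 'NR==2 {print $NF}'`
    [ "$mp" = "/" ]
}

# Guideline 2: the mode must be exactly 700, shown by ls as drwx------.
# substr() drops the ACL/label marker some systems append to the mode.
mode_is_700() {
    perms=`ls -ld "$1" 2>/dev/null | awk '{print substr($1, 1, 10)}'`
    [ "$perms" = "drwx------" ]
}

# Print field N of root's entry in a passwd-format file
# (field 6 is the home directory, field 7 the login shell).
root_field() {   # usage: root_field N PASSWD_FILE
    awk -F: '$1 == "root" {print $'"$1"'; exit}' "$2"
}

# Run every check and report all failures; returns 0 only if all pass.
audit_root_home() {   # usage: audit_root_home PASSWD_FILE
    home=`root_field 6 "$1"`
    shell=`root_field 7 "$1"`
    rc=0
    if [ ! -d "$home" ]; then
        echo "FAIL: home '$home' is not a directory"; return 1
    fi
    on_root_fs "$home"  || { echo "FAIL: $home is not on the / filesystem"; rc=1; }
    mode_is_700 "$home" || { echo "FAIL: $home is not mode 700"; rc=1; }
    # Guideline 4: the quoted advice is to leave root's shell as /sbin/sh.
    [ "$shell" = "/sbin/sh" ] || { echo "FAIL: root's shell is $shell"; rc=1; }
    return $rc
}

# Audit the given passwd file when one is named on the command line.
if [ "$#" -eq 1 ]; then
    audit_root_home "$1"
fi
```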


This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:15 CDT