From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <9ce0bd0b2d5fd8e6040601f0fc6b37d9@swtch.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Re: wiki changes
From: "Russ Cox"
Date: Thu, 16 Feb 2006 12:22:49 -0500
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: ffdc39ac-ead0-11e9-9d60-3106f5b1d025

> But sys is member of group adm by default. I'm still somewhat
> confused as to what the roles of each are, adm as far I can see just
> owns a few files under /adm, which can be written to by sys anyway, so
> what is the purpose of adm?

adm is the user corresponding to the file server.
File server files (like /adm/users) are owned by adm.
You cannot attach as adm. It is explicitly disallowed.
You can use this to create files that can be modified
only on the file server console.

If you take sys out of adm (done on more paranoid systems)
then you can be sure no one but the file server is editing
things like /adm/users. An empty adm group was the default
on the worm file server.

Even having sys in adm doesn't open the system very much,
since that's the sys user, not the sys group.

Russ
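
The adm membership question discussed in this message, as an added example that is not part of the original e-mail: a small Python audit of an /adm/users file. It assumes the id:name:leader:members line layout described in users(6); the sample file contents and the function names are constructed for illustration.

```python
# Constructed sample in the id:name:leader:members layout (assumed from
# users(6)); these entries are illustrative, not copied from a real system.
SAMPLE_USERS = """\
-1:adm:adm:sys
0:none:adm:
1:tor:tor:
2:glenda:glenda:
10000:sys::glenda,tor
10001:upas:upas:
"""


def parse_users(text):
    """Return {group name: (leader, [explicitly listed members])}."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        _id, name, leader, members = fields
        groups[name] = (leader, [m for m in members.split(",") if m])
    return groups


def audit_adm(text):
    """Report who, besides the file server itself, is listed in group adm.

    Membership is by user name and is not expanded: listing the user sys
    in adm does not pull in the members of the group sys.
    """
    groups = parse_users(text)
    _leader, members = groups["adm"]
    listed = sorted(m for m in members if m != "adm")
    return {
        "adm_members": listed,
        # Empty list: only the file server console can edit adm's files.
        "console_only": not listed,
        # Members of group sys that are NOT thereby members of adm.
        "sys_group_not_in_adm": sorted(
            m for m in groups.get("sys", ("", []))[1] if m not in listed
        ),
    }


if __name__ == "__main__":
    print(audit_adm(SAMPLE_USERS))
```
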