From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id dee2f65d for ; Thu, 1 Aug 2019 21:24:02 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id B317C9BA96; Fri, 2 Aug 2019 07:24:00 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 129DD9BA80; Fri, 2 Aug 2019 07:23:35 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 82BF69BA80; Fri, 2 Aug 2019 07:23:33 +1000 (AEST) Received: from viclamta30p.bpe.bigpond.com (viclamta30p.bpe.bigpond.com [203.38.21.94]) by minnie.tuhs.org (Postfix) with ESMTPS id 3D1BF9BA7E for ; Fri, 2 Aug 2019 07:23:32 +1000 (AEST) Received: from smtp.telstra.com ([10.10.26.4]) by viclafep30p-svc.bpe.nexus.telstra.com.au with ESMTP id <20190801212329.KMXL24954.viclafep30p-svc.bpe.nexus.telstra.com.au@smtp.telstra.com> for ; Fri, 2 Aug 2019 07:23:29 +1000 X-RG-Spam: Unknown X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgeduvddrleejgdduheejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuuffpveftpgfvgffnuffvtfetpdfqfgfvnecuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffujgfkfhgfgggtsehttddttddtredvnecuhfhrohhmpeffrghvvgcujfhorhhsfhgrlhhluceouggrvhgvsehhohhrshhfrghllhdrohhrgheqnecukfhppeduuddtrddugedurdduleefrddvfeefnecurfgrrhgrmhephhgvlhhopegrnhgvuhhrihhnrdhhohhrshhfrghllhdrohhrghdpihhnvghtpeduuddtrddugedurdduleefrddvfeefpdhmrghilhhfrhhomhepoegurghvvgeshhhorhhsfhgrlhhlrdhorhhgqedprhgtphhtthhopeeothhuhhhssehtuhhhshdrohhrgheqnecuvehluhhsthgvrhfuihiivgeptd X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean X-RG-VS-CLASS: clean Received: from aneurin.horsfall.org (110.141.193.233) by smtp.telstra.com (5.8.335) id 5D19C875058E4FCE for tuhs@tuhs.org; Fri, 2 Aug 2019 07:23:28 +1000 Received: from aneurin.horsfall.org (localhost [127.0.0.1]) by aneurin.horsfall.org (8.15.2/8.15.2) with ESMTP id x71LNQ22044634 for ; Fri, 2 Aug 2019 07:23:26 +1000 (EST) (envelope-from dave@horsfall.org) Received: from localhost (dave@localhost) by aneurin.horsfall.org (8.15.2/8.15.2/Submit) with ESMTP id x71LNPcE044631 for ; Fri, 2 Aug 2019 07:23:26 +1000 (EST) (envelope-from dave@horsfall.org) X-Authentication-Warning: aneurin.horsfall.org: dave owned process doing -bs Date: Fri, 2 Aug 2019 07:23:25 +1000 (EST) From: Dave Horsfall To: The Eunuchs Hysterical Society In-Reply-To: <201908011235.x71CZP2B035023@tahoe.cs.Dartmouth.EDU> Message-ID: References: <201908011235.x71CZP2B035023@tahoe.cs.Dartmouth.EDU> User-Agent: Alpine 2.21.9999 (BSF 287 2018-06-16) X-GPG-Public-Key: http://www.horsfall.org/gpgkey.pub X-GPG-Fingerprint: 05B4 FFBC 0218 B438 66E0 587B EF46 7357 EF5E F58B X-Home-Page: http://www.horsfall.org/ X-Witty-Saying: "chmod 666 the_mode_of_the_beast" MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: Re: [TUHS] Who's behind the UNIX filesystem permission X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" On Thu, 1 Aug 2019, Doug McIlroy wrote: > A common failing of Unix administration was a proliferation of suid-root > programs, e.g. mail(1). I recall one system that had a hundred such > programs. Sudo provided a way station between suid and ACLs. I've always maintained that if you think you need setuid root (which is a gaping chest wound), you can invariably get away with setgid instead. ObTrivia: Back in the 80s, some third-party software needed to be installed under "root". I was suspicious, but I had little choice but to allow it (manager's orders; that company went under shortly after I left them). Eventually I discovered why, when I had to clean up the mess: it actually *unlinked* directories; yes, you read that right... -- Dave