
StupidNewbie 08-06-2012 06:37 AM

Root ownership vs wheel ownership
Hi everyone,

I am running some security reviews on a suite of RHEL5 servers and one of the findings is that /etc/init.d/nails is owned by wheel rather than root, sys, bin, adm, other, or system (isn't wheel part of "other" anyway? lol)

What are the security implications of having something like this owned by wheel vs being owned by root? There is no one in the wheel group who shouldn't be there; I just would like to understand what the difference is and why these scripts think it's a finding. There were several other directories and even log files that were owned by wheel instead of root or one of the other users mentioned and they came up as findings too. I have changed those without any ill effects. From what I understand, the wheel group is just a collection of users who are allowed to sudo, so isn't that essentially the same thing as being owned by root, other than the fact that potentially other users who are allowed to sudo could also do the same things root can?

I just don't really see the issue, since I would hope that people only put users they trust in the wheel group. Another set of findings shows that the "wheel group is the group owner of multiple rc files."

This is a high-security environment so maybe the tools are just excessively paranoid, but why do they seem to hate the wheel group so much? Maybe someone with more fundamental or technical unix security knowledge can shed some light on this.

Any ideas?


SAGOALEXANDER 08-06-2012 07:49 AM

Wheel is just a user group normally used by FreeBSD. Admin is usually added to the wheel group and root / administrator rights are usually awarded to whoever you put in that group (as you said). However, when you try to remote (ssh) into the server you will not be able to log in as root. You will have to log in as admin or another user you have in the wheel group.

It is pretty much the same thing as giving root or sudo privileges to a user and denying or turning off root access to the server. At least over ssh.

StupidNewbie 08-08-2012 12:52 PM

Ok, thanks for the response. It turns out the tools are just a little paranoid. I changed the ownership of the files/directories it was complaining about to root:root and now it likes it, lol.
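
Added example (not part of the original thread): a group owner only gains access through a file's group permission bits, so a check like the one the audit tool ran is more informative when it also reports whether the group can write. The function below reads lines in the format printed by `stat -c '%a %U %G %n'`; the allowed-owner list is copied from the finding quoted in the first post, and the sample listing is constructed, not taken from a real server.

```shell
#!/bin/sh
# Flag files whose user or group owner is outside an allowed list and
# report whether the group permission bits include write.
# Input lines: "<octal mode> <user> <group> <path>", e.g. from
#   find /etc/init.d -type f -exec stat -c '%a %U %G %n' {} +
ALLOWED="root sys bin adm other system"   # list quoted in the thread's finding

audit_owners() {
    while read -r mode user group path; do
        [ -n "$path" ] || continue
        verdict=""
        case " $ALLOWED " in *" $user "*) ;; *) verdict="user=$user" ;; esac
        case " $ALLOWED " in
            *" $group "*) ;;
            *) verdict="${verdict:+$verdict,}group=$group" ;;
        esac
        [ -n "$verdict" ] || continue      # owner and group both allowed
        # Parse the mode as octal; bits 3-5 are the group rwx bits.
        if [ $(( (0$mode >> 3) & 2 )) -ne 0 ]; then
            gw=yes    # group members can modify the file directly
        else
            gw=no     # group ownership grants no write access
        fi
        echo "$path $verdict mode=$mode group-write=$gw"
    done
}

# Constructed sample listing (hypothetical modes and paths for illustration).
sample_listing() {
    cat <<'EOF'
755 root wheel /etc/init.d/nails
775 root wheel /etc/rc.d/rc.local
755 root root /etc/init.d/sshd
640 root wheel /var/log/example.log
EOF
}

sample_listing | audit_owners
```

A line with `group-write=yes` on a script that init runs as root means any member of that group can change what runs as root without going through sudo; `group-write=no` means the group ownership gives its members read or execute access only.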

