LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-06-2012, 07:37 AM   #1
StupidNewbie
Member
 
Registered: Dec 2007
Posts: 71

Rep: Reputation: 16
Root ownership vs wheel ownership


Hi everyone,

I am running some security reviews on a suite of RHEL5 servers and one of the findings is that /etc/init.d/nails is owned by wheel rather than root, sys, bin, adm, other, or system (isn't wheel part of "other" anyway? lol)

What are the security implications of having something like this owned by wheel vs being owned by root? There is no one in the wheel group who shouldn't be there; I just would like to understand what the difference is and why these scripts think it's a finding. There were several other directories and even log files that were owned by wheel instead of root or one of the other users mentioned and they came up as findings too. I have changed those without any ill effects. From what I understand, the wheel group is just a collection of users who are allowed to sudo, so isn't that essentially the same thing as being owned by root, other than the fact that potentially other users who are allowed to sudo could also do the same things root can?

I just don't really see the issue, since I would hope that people only put users they trust in the wheel group. Another set of findings shows that the "wheel group is the group owner of multiple rc files."

This is a high-security environment so maybe the tools are just excessively paranoid, but why do they seem to hate the wheel group so much? Maybe someone with more fundamental or technical unix security knowledge can shed some light on this.

Any ideas?

Thanks

Last edited by StupidNewbie; 08-06-2012 at 07:40 AM.
 
Old 08-06-2012, 08:49 AM   #2
SAGOALEXANDER
LQ Newbie
 
Registered: Aug 2011
Location: Tampa, Florida
Distribution: Ubuntu
Posts: 4

Rep: Reputation: Disabled
Wheel is just a user group normally used by FreeBSD. Admin is usually added to the wheel group and root / administrator writes are usually awarded to whoever you put in that group. (as you said) However when you try to remote (ssh) into the server you will not be able to login as root. You will have to login as admin or another user you have in the wheel group.

It is pretty much the same thing as giving root or sudo privileges to a user and denying or turning off root access to the server. At least over ssh.
 
Old 08-08-2012, 01:52 PM   #3
StupidNewbie
Member
 
Registered: Dec 2007
Posts: 71

Original Poster
Rep: Reputation: 16
Ok, thanks for the response. It turns out the tools are just a little paranoid. I changed the ownership of the files/directories it was complaining about to root:root and now it likes it, lol.

Thanks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Non-root user set ownership for others... Meson Linux - Security 8 10-11-2008 08:36 PM
Root file ownership problems AF_user Linux - Newbie 5 10-10-2008 02:08 PM
Partition ownership user or root drudge Linux - General 4 09-22-2007 12:29 PM
apache doc root ownership lt_wentoncha Linux - Software 3 06-30-2006 05:54 PM
I've tried everything - Can't Change Root Ownership of USB HD rrrssssss Linux - Newbie 5 11-24-2005 05:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration