Root or Superuser Powers

This contains links to information used in the lectures.

Unix model of ownership

Files
Unix files have permission (read,write,execute) for each of owner, group and other. The owner sets the permissions with chmod.
They can be seen by using ls -l (-g is needed for group in BSD/SunOS).


     uuugggooo
    -rwx--x--x   1 farrell  faculty    16384 Sep 28  1994 access*
    -rw-r--r--   1 farrell  faculty      542 Sep 26  1994 access.c
    -r--------   2 farrell  faculty       50 Sep 26  1994 bar
    ----rw----   2 farrell  faculty       50 Sep 26  1994 odd
    -------rw-   2 farrell  faculty       50 Sep 26  1994 stupid
    lrwxr-xr-x   1 farrell  faculty        2 Sep 22 01:04 here@ -> ..

Unix uses numbers internally for user (from password file /etc/passwd) and group (from /etc/group)

Processes
Each process has a real and effective UID (user id) and a real and effective GID (group id). Real used for accounting, effective for access permissions.
- used by kernel to determine permissions, accounting etc. (owner) of the program.
- user may be in more than one group
- Note that executing a set-user-id (setuid) program (using exec) will normally change the effective user and group ids. More information.
- Group ID - real group id and effective group id
Exec'ing a setuid program is the mechanism used by programs to gain superuser privileges.

Superuser

UID 0 is treated differently than any other. It is said to have superuser privileges. Conventionally UID 0 is called root. The superuser can access any local file or process. Certain system calls can only be executed by root for example:

Mounting and unmounting filesystems
Changing the root directory of a process
Creating device files
Setting system clock
Changing ownership of files (BSD) - this can effect quotas
Raising resource limits and setting priorities
Setting hostname
Configuring network interfaces
Shutting down

root programs can change ownership at will. login is a good example.

Root password choice

Since it is important that the root password be secure, it should not be an easily guessed word. Various systems enforce rules on password, such as that the password be mixed case or contain at least one special character. Root passwords should be the full eight characters - longer is useless, since only eight are checked. There are also recommendations.

One should change the password regularly, when anyone with superuser privileges leaves, and if security has been compromised.

Becoming Root

login
The superuser has a login root.
su
This prompts for root password and starts a root shell. Note that it does not run roots login script or change to the root home directory.
Be careful that one is actually executing /bin/su not some user script.
It can also be used to become other users, by su username. If the first argument to su is a -, the environment is changed to what would be expected if the user actually logged in as the specified user.
sudo
Problems with root:
- Power is omnipotent
- No record of operations
- May be group login - cannot tell who did what
sudo is a program to allow limited root logins, for example to do backups. sudo uses a file /etc/sudoers to list people who can sudo and the commands they can run. There is a special visudo to edit this file.
Sudo
- allows multiple commands but timesout after 5 mins inactivity.
- keeps log of commands executed
Syntax is sudo command arguments.
Advantages:
- More accountability
- Limited root privileges
- Smaller group knows root password
- sudo is faster than su
- Privileges can be granted and revoked easily
- A list is maintained
- Different privileges can be given on different machines on the net
Of course security is not absolute, for example sudo csh or sudo su would circumvent it, if allowed.

Other system users - daemon, bin, sys, nobody

daemon - Owner of unprivileged software
Usually UID 1. Files belonging to UNIX often belong to daemon rather than root for security reasons. Also a group called daemon.
bin - Owner of system commands, directories and executables
sys - Owner of Kernel and memory images - not universal
nobody - Owner of nothing
Many systems have user nobody with UID -1 or -2. Since UID are short ints this appears as 32767. nobody owns software that does not require special permissions, for example NFS uses it.

Also may be adm, uucp, lp, http and others.
These are usually the earliest entries in the password file. For example :


root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
sys:*:3:3::/:
adm:*:4:4::/var/adm:/sbin/sh
uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico
lp:*:9:7::/var/spool/lp:/sbin/sh
nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico
hpdb:*:27:1:ALLBASE:/:/sbin/sh
http:*:71:102::/local/opt/httpd:/usr/bin/false

Paul A. Farrell
Wednesday, January 17, 1996