Hacker News
by jeroenhd 526 days ago
Unix was very much made for multi user environments. The problem with staying compatible with Unix today is that back when Unix came to be, everyone on the system was more or less trusted. The biggest security concern was making sure that everyone who was logged in was billed correctly.

On sufficiently offline systems, you can still run software like that. It's quite freeing to have a server with 777 on your home directory when the biggest problem it'll cause is someone pranking you by altering your terminal color scheme to something hideous.

1 comments

> Unix was very much made for multi user environments. ... The biggest security concern was making sure that everyone who was logged in was billed correctly.

I don't know about that... It doesn't even support multiple administrators. And you can't even distinguish between actions performed by the system itself and the administrative user.

Yes I know about sudo.

What do you need to do and what do the (even audit) logs say about who performed an activity whenever administrative activity happens?

> It doesn't even support multiple administrators.

You can easily create multiple accounts that have the uid 0. Groups are a fundamental part of the discretionary access system and several administrative groups exist by default. Your modern desktop oriented distribution may not take advantage of these facts.

> logs say about who performed an activity whenever administrative activity happens?

Simply enable process accounting and set up a program to capture that information. The early BSD distributions had this and had many command line tools to query the information it stored.

>> What do you need to do and what do the (even audit) logs say about who performed an activity whenever administrative activity happens?

By activity you mean who ran some process? Doesn't enabling audit on all execve, execveat and looking at AUID besides EUID and UID fields tell you that? Or am I missing something? You may want to configure ENHANCED format in auditd for convenience.

No, you are right. On Linux you can look at AUID. To be fair, I have no idea about others than Linux.
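
The AUID approach discussed above, as an added example that is not part of the thread: a parser that reads raw auditd SYSCALL records for execve/execveat and attributes each exec that ran with euid 0 to the login uid that started the session, or to the system when no login uid was ever set. The log lines, the rule and its key name `exec_log` are constructed for illustration.

```python
import re

UNSET_AUID = "4294967295"      # (uint32)-1: no login uid was set, e.g. a boot-time daemon
EXEC_SYSCALLS = {"59", "322"}  # execve and execveat on x86_64
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed, trimmed SYSCALL records in auditd's raw log format. Assumed rule
# (the key name exec_log is made up for this example):
#   -a always,exit -F arch=b64 -S execve -S execveat -k exec_log
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:410): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2231 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="useradd" exe="/usr/sbin/useradd" key="exec_log"
type=SYSCALL msg=audit(1700000003.552:411): arch=c000003e syscall=59 success=yes exit=0 ppid=3100 pid=3107 auid=1001 uid=0 gid=0 euid=0 tty=pts1 ses=5 comm="systemctl" exe="/usr/bin/systemctl" key="exec_log"
type=SYSCALL msg=audit(1700000010.009:412): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=3200 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="logrotate" exe="/usr/sbin/logrotate" key="exec_log"
type=SYSCALL msg=audit(1700000012.300:413): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=3215 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="ls" exe="/usr/bin/ls" key="exec_log"
type=SYSCALL msg=audit(1700000020.771:414): arch=c000003e syscall=322 success=yes exit=0 ppid=3100 pid=3230 auid=1001 uid=1001 gid=1001 euid=0 tty=pts1 ses=5 comm="passwd" exe="/usr/bin/passwd" key="exec_log"
"""

def parse_record(line):
    """Return the key=value fields of one audit record as a dict, quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def privileged_execs(log_text):
    """Return (event_id, actor, exe) for every exec that ran with euid 0.

    The actor comes from auid, which is fixed at login and survives su/sudo,
    so two administrators sharing uid 0 remain distinguishable.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("syscall") not in EXEC_SYSCALLS:
            continue
        if rec.get("euid") != "0":
            continue  # not running with root privileges
        event_id = re.search(r":(\d+)\)", rec["msg"]).group(1)
        actor = "system" if rec["auid"] == UNSET_AUID else "auid=" + rec["auid"]
        hits.append((event_id, actor, rec["exe"]))
    return hits

if __name__ == "__main__":
    for event_id, actor, exe in privileged_execs(SAMPLE_LOG):
        print(event_id, actor, exe)
```

Event 414 is a setuid binary: uid stays 1001 while euid is 0, which is why the filter checks euid rather than uid.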