> >Ok, I'll expose my ignorance and ask, what is the specific vulnerability
> >of bin owned files? I understand how it is a problem on NFS exported
> >files to insecure hosts, but what is the risk for files/dirs on a locally
> >non-exported file system? What about groups, is bin a bad group also?
> >
>
> The main problem I've ever had with bin owning system files and other
> user id's owning things as well (daemon, games, etc) is that it's just that
> much more to watch for. With root owning all the important stuff
> it centers your attention on that userid and prevention with just one
> userid.
>

Also, another (similar) problem is when a host is trusted (recall
/etc/hosts.equiv comes with a default "+" on some systems).

trusted# su - bin
trusted# rlogin gotcha
gotcha$ who am i
gotcha!bin ttyp3 May 17 08:54
gotcha$ ls -lgd /etc
drwxr-sr-x 9 bin staff 2048 May 19 07:08 /etc
gotcha$ cd /etc;mv passwd passwd.bak
gotcha$ vi passwd
#read in passswd.old, make changes etc...

bad news!

George
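
An audit for the two conditions discussed in this thread (system directories owned by a non-root account such as bin, and a wildcard "+" in /etc/hosts.equiv), added here as an example and not part of the original messages. The function names and the default directory list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the default
# directory list are assumptions; /etc/hosts.equiv is the file named above.

# audit_dir DIR [EXPECTED_UID]: report a directory whose owner is not the
# expected uid (default 0) or that group/other can write to. Anyone who can
# write to a directory can rename and replace the files inside it.
audit_dir() {
    dir=$1; want=${2:-0}; rc=0
    [ -d "$dir" ] || return 0
    line=$(ls -ldnL -- "$dir")            # -n: numeric ids, -L: follow symlinks
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$uid" != "$want" ]; then
        echo "FINDING $dir: owner uid $uid, expected $want ($mode)"
        rc=1
    fi
    # Characters 6 and 9 of the mode string are the group/other write bits.
    case $(printf '%s\n' "$mode" | cut -c6,9) in
        *w*) echo "FINDING $dir: group/other writable ($mode)"; rc=1 ;;
    esac
    return "$rc"
}

# has_wildcard_trust FILE: succeed if FILE contains a bare "+" (or "+ +")
# entry, which trusts every host. Entries such as "+@netgroup" do not match.
has_wildcard_trust() {
    [ -f "$1" ] &&
        grep -Eq '^[[:space:]]*\+([[:space:]]+\+)?[[:space:]]*$' "$1"
}

audit_main() {
    for d in /etc /bin /sbin /usr/bin /usr/sbin /lib /usr/lib; do
        audit_dir "$d" || true
    done
    if has_wildcard_trust /etc/hosts.equiv; then
        echo 'FINDING /etc/hosts.equiv: wildcard "+" entry'
    fi
    return 0
}

audit_main
```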