
Groups, root, security

  I'm considering how to configure my system to scrap a lot of groups I don't really understand the need for like floppy, tape, disk, mail, etc.  Probably most users should be free to use most facilities if they're allowed to log in.  Perhaps broader groups like admin, staff, other would be ok.  If I set umask to 002 and root's default group to admin then no logins as root should be necessary, collaboration and administration would be easy but there might be security trade-offs.  I tried running cups as daemon:server (custom group) and it printed ok without cupshelper.

  I might change some Pkgfiles to not create these users and groups or specify others.  With all the owner and group configuration in /var and /run I'm a bit hesitant.

 

Re: Groups, root, security

Reply #1
While it's feasible, I think that removing system groups (even rarely if ever used ones) for the reasons you stated won't really make a difference. If you do proceed, don't touch any groups you see under /dev.

Re: Groups, root, security

Reply #2
While it's feasible, I think that removing system groups (even rarely if ever used ones) for the reasons you stated won't really make a difference. If you do proceed, don't touch any groups you see under /dev.


  Not quite sure what you mean, nous, you mean groups named for devices like floppy or lp?  I don't need such fine-grained access control.  Just a hobby system and don't mind who uses printer, scanner, etc.  Combine a few groups, perhaps...

Re: Groups, root, security

Reply #3
I think nous means
Code:
ls -l /dev | cut -d ' ' -f 4 | sort | uniq


Re: Groups, root, security

Reply #5
I can't exactly, but seems to have something to do with TPM, hardware cryptography; see https://wiki.archlinux.org/title/Trusted_Platform_Module

You sure got few groups there. I get disk, kmem, kvm, rfkill, root, tss, tty, uucp, video. And I think my system is pretty barebones...

Re: Groups, root, security

Reply #6
  If I do cat /etc/group I have about 50 groups.  Don't know why they should be listed in /dev, though.  I see tpm2-tss is a crypto package "required" by libsecret.  I find Red Hat a bit imperial sometimes.
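
The comparison discussed in this thread, as an added example that is not code from any poster: it lists which entries of a group file own nodes under /dev, which own nothing there, and which owning GIDs have no name at all. It reads ownership with `stat` on each node instead of cutting columns out of `ls -l`, whose padding varies. The function names and the script name are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the thread): compare the groups owning nodes under a
# directory with the entries of a group file. Function names are hypothetical.

# Unique numeric GIDs that own anything under directory $1, space-separated.
gids_in_use() {
    find "$1" -exec stat -c '%g' {} + 2>/dev/null | sort -un | tr '\n' ' '
}

# Walk group file $2 and print the group names selected by mode $3:
#   used   -> the group owns at least one node under $1
#   unused -> the group owns nothing under $1
groups_by_use() {
    awk -F: -v gids="$(gids_in_use "$1")" -v mode="$3" '
        BEGIN { n = split(gids, a, " "); for (i = 1; i <= n; i++) used[a[i]] = 1 }
        /^#/ || NF < 3 { next }                  # skip comments and short lines
        mode == "used"   &&  ($3 in used) { print $1 }
        mode == "unused" && !($3 in used) { print $1 }
    ' "$2" | sort
}

# GIDs that own nodes under $1 but have no name in group file $2. This is the
# state left behind when a group that is still in use gets deleted.
gids_without_name() {
    awk -F: -v gids="$(gids_in_use "$1")" '
        NF >= 3 { known[$3] = 1 }
        END { n = split(gids, a, " ")
              for (i = 1; i <= n; i++) if (!(a[i] in known)) print a[i] }
    ' "$2"
}

report() {
    dir=${1:-/dev}; file=${2:-/etc/group}
    echo "Groups owning nodes under $dir (keep):"
    groups_by_use "$dir" "$file" used | sed 's/^/  /'
    echo "Groups owning nothing under $dir (check other uses before removing):"
    groups_by_use "$dir" "$file" unused | sed 's/^/  /'
    echo "GIDs under $dir with no entry in $file:"
    gids_without_name "$dir" "$file" | sed 's/^/  /'
}

# Usage (script name is hypothetical): sh group-audit.sh /dev /etc/group
if [ "$#" -ge 1 ]; then report "$@"; fi
```

A group in the second list can still be named by a udev rule for hardware that is not attached right now, or own files elsewhere such as /var and /run, so it is a list of candidates to investigate, not a removal list.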