On Fri, Jun 26, 2020 at 4:03 PM james <garftd@×××××××.net> wrote:
>
> So can some of the smarter (gentoo) folks illuminate how to totally
> avoid groups and users, except for the minimum required, application
> specific? For example like serial line tools, or outline a set of
> tweaks/setting to avoid these altogether?
>

IMO if extra security is your goal then if anything you want to have
MORE use of users rather than less. Everything should be least
privilege, and usually that means having separate UIDs for everything,
and then layering on stuff like namespaces/SELinux/capabilities/etc on
top of that to further tailor things.

Of course the more config you have like this, the more there is to
audit. However, you also have to consider the failure mode. When you
have layers of security and some layer fails, chances are that the
failure still results in more containment than what you would have had
if you didn't build the layers in the first place.

Now, one thing that would result in fewer UIDs is installing less
stuff. Maybe that is what you're getting at, and of course reducing
the attack surface is a good thing. However, keep in mind that a UID
in /etc/passwd doesn't actually do anything if no process runs with
that UID - it is just a line in a text file. So, having a uucp group
when no processes have access to it doesn't really cause issues.
Removing the group doesn't actually make things more secure, because
processes can use a gid even if it doesn't exist in /etc/groups.
Effectively any POSIX system has every uid/gid available even if there
is no /etc/passwd at all.

--
Rich
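An added example, not from Rich's reply or the list: a small audit that checks the two points above on a live Linux box, which /etc/passwd accounts are "just a line in a text file" (no process runs as them) and which running processes use a UID that has no passwd entry at all. The sample passwd and /proc status texts are constructed for offline use; the live run reads /etc/passwd and /proc/<pid>/status.

```python
import glob


def parse_passwd(text):
    """Map numeric UID -> account name from /etc/passwd-style text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[int(fields[2])] = fields[0]
    return users


def effective_uid(status_text):
    """Return the effective UID from a /proc/<pid>/status body, or None."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            ids = line.split()[1:]  # real, effective, saved, filesystem
            if len(ids) >= 2 and ids[1].isdigit():
                return int(ids[1])
    return None


def audit(users, uids_in_use):
    """Return (accounts with no process, UIDs in use with no passwd entry)."""
    dormant = sorted(name for uid, name in users.items() if uid not in uids_in_use)
    unknown = sorted(uid for uid in uids_in_use if uid not in users)
    return dormant, unknown


def audit_live_system():
    """Run the audit against /etc/passwd and /proc on this host."""
    with open("/etc/passwd") as f:
        users = parse_passwd(f.read())
    uids = set()
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as f:
                uid = effective_uid(f.read())
        except OSError:  # process exited between glob and open, or hidepid
            continue
        if uid is not None:
            uids.add(uid)
    return audit(users, uids)


# Constructed sample data (not from the thread): a uucp account nobody runs as,
# and a process whose effective UID 4242 appears in no passwd entry.
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "uucp:x:10:14:uucp:/var/spool/uucp:/bin/false\n"
                 "nobody:x:65534:65534:nobody:/:/sbin/nologin\n")
SAMPLE_STATUS = ["Name:\tinit\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n",
                 "Name:\tsvc\nUid:\t1000\t4242\t4242\t4242\n"]

if __name__ == "__main__":
    dormant, unknown = audit_live_system()
    print("accounts with no running process:", ", ".join(dormant))
    print("UIDs in use with no passwd entry:", unknown)
```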