I’m part of the Nexus Project, a volunteer-run Linux server cluster at Carleton; we do a couple of cleverish things, like supporting the Robotics club, providing server space to various organizations and so on. This year, we’ve started looking for new people to admin the system, and as a result we’ve had to make some decisions about who we give root access to, and who we don’t.
Now, Linux is a hard thing to learn, because there’s an awful lot of it, and a lot of it does some pretty weird and nonintuitive stuff. The available documentation is almost universally awful, and missteps with root access can be costly; it’s a good idea to pause for a breath between the end of the command and the hitting of return, because when you’ve got a howitzer hanging from your belt, shooting yourself in the foot just isn’t funny.
So we’ve had to come up with a simple test. You’re welcome to take it yourself, but I won’t give you the password either way. Here it is, in its entirety:
1) What is wrong with the following?
root@nexus:/bin$ chmod +s chmod
Remember, no peeking.
Update: Lara has nailed it, read on.
“Okay, set permissions for chmod to be the same as root, so anyone could have full permissions for whatever files they wanted with a simple chmod 777 command (or whatever the Linux equivalent is).”
Precisely. The “+s” thing means that when the recipient program is executed, it runs with the permissions of that program’s owner (see chown) rather than the executor. In chmod’s case, that’s invariably root. Which means that anybody can change anything else to run with root permissions which is, from a network security perspective, the end of the world. You need to be root to start the ball rolling, so Shaver’s observation in the first comment is of course correct: the problem with that line is that the person should never have been given root access in the first place.
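The defender's side of the quiz, added here as an example and not part of the original post: a small audit that lists set-uid/set-gid files under a directory and flags any that are not on an approved list. The function names, the allowlist format (one path per line) and the stand-in directory of empty files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find set-uid/set-gid files that are not on an approved list.

# list_setid DIR: print every regular file under DIR that has the set-uid
# (4000) or set-gid (2000) bit, one path per line, sorted.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# audit_setid DIR ALLOWLIST: print set-id files under DIR whose path is not a
# line in ALLOWLIST. Returns 0 when nothing unexpected is found, 1 otherwise.
audit_setid() {
    unexpected=$(list_setid "$1" | grep -vxF -f "$2" || true)
    if [ -z "$unexpected" ]; then
        return 0
    fi
    printf '%s\n' "$unexpected"
    return 1
}

# demo_audit: constructed stand-in for /bin (empty files, not real binaries).
# "passwd" is approved to be set-uid; "chmod" has had the quiz command run
# on it; "ls" is an ordinary executable.
demo_audit() {
    d=$(mktemp -d) || return 2
    : > "$d/chmod"; : > "$d/passwd"; : > "$d/ls"
    chmod 755 "$d/ls"
    chmod 4755 "$d/passwd"
    chmod 755 "$d/chmod"; chmod +s "$d/chmod"   # the quiz command
    printf '%s\n' "$d/passwd" > "$d/allowlist"
    # Strip the temp prefix so only the flagged file names are printed.
    audit_setid "$d" "$d/allowlist" | sed "s|^$d/||"
    rm -rf "$d"
}
```

Calling `demo_audit` prints only `chmod`: the approved `passwd` is filtered out by the allowlist and `ls` never had the bit set.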
I like this test for two reasons. The first is that it has a very low barrier to entry – you need to know what chmod +s does – but you also have to know why allowing chmod to run as root all the time is a catastrophically bad idea. The second, though, is that you have to have done a little bit of research to figure that out, because “man chmod” tells you nothing except “look at ‘info chmod’” and info pages are a bad joke.
My theory is that if you’ve struggled through the awful documentation to figure out what something as obscure as that does (try “man setuid”, for kicks) and you’re willing to volunteer your time to a student project, then you’re probably one of the good guys.