security -- System Administration

Because COHERENT is  a multi-user, multi-tasking operating system which can
support users from remote terminals, steps must be taken to ensure that the
system is secure.  Sensitive information  that is stored on the system must
be protected from being read  or copied by unauthorized persons; files must
be  protected  against vandalization  by  intruders.   Unless a  reasonable
degree can be guaranteed, no  multi-user operating system can be trusted to
archive important information.

In one sense, it is easy  to achieve perfect security in a computer system.
As Grampp  and Morris  have noted,  ``It is easy  to run a  secure computer
system.  You merely disconnect all dial-up connections, put the machine and
its  terminals in  a shielded  room, and  post a guard  at the  door.'' For
practical uses,  however, security means  balancing ease of  access against
restrictiveness: users should have  easy access to what is properly theirs,
and should be barred from system facilities that do not belong to them.

The COHERENT system has the following tools to assist with security.

Passwords Every user account can  be ``locked'' with a password.  Each user
          can assign her own password, and the system administrator can set
          passwords for the superusers root and bin.

          Passwords should  be changed frequently.  A  password should have
          at least six characters, should not be a common name or word, and
          preferably  should include  a  mixture of  upper- and  lower-case
          letters, to prevent decryption by brute-force methods.

          Passwords  should  be  guarded  jealously.   In  particular,  the
          password for the superuser root should be kept secret, as she can
          read every file and execute every program throughout the system.

Permissions
          Execution of system-level  programs, such as mount, is restricted
          to  the  superuser root.  This  prevents  intruders from  seizing
          superuser permissions through unauthorized manipulation of system
          services.   Ordinary  users  are  also restricted  from  directly
          access system devices, for the same reason.

          One potential  hole in security is the setting  the setuid bit on
          programs that  are owned by the superuser  root. Setting this bit
          grant  superuser privileges  to  whoever runs  the program.   Two
          commands often  have this bit set:  /etc/enable and /etc/disable.
          This is done to permit  users, in particular user uucp, to enable
          and disable a port.  This, however, permits any user to enable or
          disable  a device  -- including the  console device;  which means
          that a cracker who breaks into  your system could lock you out of
          it if she wished.

          The  lesson is  that you  should not  set the  setuid bit  on any
          program that is owned by root unless you have an excellent reason
          to do so.

Encryption
          The  command crypt  performs rotary  encryption, similar  to that
          used  by   the  German   Enigma  machine.   Files   of  sensitive
          information should  be encrypted,  to protect them  against being
          read by  unauthorized persons.  Note that  encryption is the only
          true defense against unauthorized reading: not even the superuser
          can read an encrypted file unless she has the encryption key.

Many COHERENT  systems have only one  user and are not  networked; for such
installations, the normal level of security may be an annoyance.  Passwords
can  be turned  off by  using  the command  passwd to  set the  password to
<return>. The  command chmod can  be used to widen  access to devices
and  system-level  utilities; see  the  Lexicon entry  for  chmod for  more
information on file access.

Security ultimately  is a system-wide responsibility.   To quote Grampp and
Morris, ``By far, the greatest security  hazard for a system ... is the set
of people  who use  it.  If the  people who use  a machine are  naive about
security issues, the machine will  be vulnerable regardless of what is done
by  the  local  management.   This  applies  particularly to  the  system's
administrators, but ordinary users should also take heed.''

See Also

Administering COHERENT,
chmod,
crypt,
login,
passwd
Grampp, F.T., Morris,  R.H.: UNIX operating system security.  AT&amp;T Bell
Lab Tech J 1984;8:1649-1672.

© 2012 by Stephen A. Ness