Operating System - HP-UX

Move root .profile to /root/home

 
David Peacock
Frequent Advisor

Move root .profile to /root/home

For security reasons I am thinking of moving root's .profile to /root/home. I want to ask your opinion on this.

I would do this by creating a directory /root/home and changing field 6 of root's entry in /etc/passwd. Then I would move .profile over to /root/home.

/root/home would be on the / filesystem, so it would be available on a limited boot system.

Do I move my other dot files, like:
.ICEauthority
.TTauthority
.Xauthority
.dt
.dtprofile
.elm
.gpmhp-machinename
.hh
.kshrc
.mailrc
.netscape
.plan
.q4rc.pl
.sh_history
.sw .unishared
.ustk_root
????

Is it worth it?
What are advantages/disadvantages?
veni, vidi, vmstat
7 REPLIES
David Peacock
Frequent Advisor

Re: Move root .profile to /root/home

When I:

# cd /
# mkdir /root/home

Can I assume this is on the / filesystem?
What permissions should be on the /root and /root/home directories?

veni, vidi, vmstat
fg_1
Trusted Contributor

Re: Move root .profile to /root/home

David

This is a great idea to do; most people now do this to take advantage of the added security you have.

Typically we set the permissions on this directory to be 750.

Good luck to you.

Bill Hassell
Honored Contributor
Solution

Re: Move root .profile to /root/home

You should probably simplify /root/home to simply /root. You are correct as far as just changing field 6. Be sure to use vipw rather than vi /etc/passwd (as a good habit) to make the change, and also, keep your current session open and start another window to use in testing after the move. You don't want root locked out due to a spelling error.

Now move all ordinary files to root's new home. Note that dotfiles (files that start with .) will need to be specified as:

mv /.??* /root

Note the special .??* to exclude .. (which exists even in /) to prevent moving /../ files and directories.

Now move the rest of the files to root's $HOME. Ordinary files never belong in the / directory. Use this to find all non-directories:

ll / | grep -v ^d

This finds ordinary files, device files, pipes, all sorts of root 'droppings'. Be sure to leave the two symlinks for /bin and /lib if present.

Making root's $HOME more secure is very important. The / directory is the most vulnerable directory there is, especially when it is root's $HOME. Many sysadmins will tell you about the famous "rm -rf *" Club. When root's $HOME is moved to /root, the worst that you might do by accident is to remove a few local files (which are, of course, regularly backed up).


Bill Hassell, sysadmin
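
The checks behind the procedure in the post above, as an added example that is not part of the original thread: it verifies field 6, the 750 mode suggested earlier in the thread, and what is left behind, including single-character dotfiles such as `.a`, which `.??*` does not match. The function names, the scratch tree and the passwd entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; names and the sample tree are constructed.

# Field 6 of root's entry in a passwd-format file.
root_home() {
    awk -F: '$1 == "root" { print $6; exit }' "$1"
}

# Dotfiles in $1 that `mv $1/.??* dest` skips: a dot plus ONE character (".a").
missed_by_glob() {
    for f in "$1"/.?; do
        case "$f" in */..) continue ;; esac
        if [ -e "$f" ] || [ -L "$f" ]; then echo "${f##*/}"; fi
    done
}

# Non-directory entries still in $1; symlinks (e.g. /bin, /lib) are left alone.
leftovers() {
    for f in "$1"/* "$1"/.[!.]*; do
        if [ -e "$f" ] && [ ! -d "$f" ] && [ ! -L "$f" ]; then echo "${f##*/}"; fi
    done
}

# New home must not be /, must be a real directory, and no looser than 750.
check_home() {   # $1 = tree prefix ("" = live system), $2 = passwd file
    home=$(root_home "$2")
    case "$home" in
        ""|/) echo "FAIL: root home is '$home'"; return 1 ;;
    esac
    if [ ! -d "$1$home" ] || [ -L "$1$home" ]; then
        echo "FAIL: $1$home is not a real directory"; return 1
    fi
    case "$(ls -ld "$1$home")" in
        d????-?---*) echo "OK: $1$home" ;;
        *) echo "FAIL: $1$home is group-writable or open to others"; return 1 ;;
    esac
}

# Constructed sample tree so the checks can be tried without touching /.
make_sample() {
    t=${TMPDIR:-/tmp}/roothome.$$; mkdir -m 700 "$t" || return 1
    mkdir "$t/etc" "$t/root" "$t/sbin" && chmod 750 "$t/root"
    echo 'root:*:0:3::/root:/sbin/sh' > "$t/etc/passwd"   # constructed entry
    touch "$t/.a" "$t/core" "$t/root/.profile" && ln -s sbin "$t/bin"
    echo "$t"
}

# Usage: sh audit.sh PREFIX PASSWD
if [ $# -eq 2 ]; then check_home "$1" "$2"; missed_by_glob "$1"; leftovers "$1"; fi
```

Running `make_sample` prints the path of a scratch tree; pass that path and its `etc/passwd` to the script to rehearse the checks from the second window before closing the original root session.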
harry d brown jr
Honored Contributor

Re: Move root .profile to /root/home

David, we set up every one of our root accounts on our 300+ HP and 50+ Sun servers to /root, and yes, everything is placed there, including the limited use of .rhosts files. This leaves the "/" (root directory) clean of most files, making the root directory just another directory (less clutter). Personally, I agree with Bill that you should use /root and not /root/home (not that it really matters, but it makes more logical sense).

live free or die
harry
Live Free or Die
Marco Paganini
Respected Contributor

Re: Move root .profile to /root/home

Hello David,

If you change /etc/passwd and move all the '.*' files to root's new home (in your case /root/home, but I'd use just /root), everything should be just fine.

I normally do this to avoid problems and trigger-happy people using the 'rm' command. :)

Regards,
Paga
Keeping alive, until I die.
Roger Baptiste
Honored Contributor

Re: Move root .profile to /root/home

Hi,

Yes, it is a good security move to have root's home directory as a separate directory other than / . /root should be fine.

To answer your question:
/root will be a part of the / filesystem, since you are just creating a directory. To confirm it, go to
# cd /root (or cd /root/home as per the directory) and do
# bdf . (i.e. dot)

It gives the filesystem of the existing directory entry, which should be / .

As for copying files, the basic things needed are .profile, .execrc, .kshrc and .dtprofile. But note that it is not advisable to log in directly as root. Use the sudo or su command to log in to root after logging in with a regular userid.

HTH
raj
Take it easy.
Steven Sim Kok Leong
Honored Contributor

Re: Move root .profile to /root/home

Hi,

One other security implementation is to make use of chroot to create a "dummy" / filesystem.

When an intruder logs on as root, he will see dummy configuration files in /etc, such as the /etc/passwd file, etc.

A trapdoor needs to be created for you to access the real /. That must not be easily accessible by an intruder.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com