Root ownership vs wheel ownership
Hi everyone,
I am running some security reviews on a suite of RHEL5 servers and one of the findings is that /etc/init.d/nails is owned by wheel rather than root, sys, bin, adm, other, or system (isn't wheel part of "other" anyway? lol).
What are the security implications of having something like this owned by wheel vs being owned by root? There is no one in the wheel group who shouldn't be there; I just would like to understand what the difference is and why these scripts think it's a finding. There were several other directories and even log files that were owned by wheel instead of root or one of the other users mentioned and they came up as findings too. I have changed those without any ill effects. From what I understand, the wheel group is just a collection of users who are allowed to sudo, so isn't that essentially the same thing as being owned by root, other than the fact that potentially other users who are allowed to sudo could also do the same things root can?
I just don't really see the issue, since I would hope that people only put users they trust in the wheel group. Another set of findings shows that the "wheel group is the group owner of multiple rc files."
This is a high-security environment so maybe the tools are just excessively paranoid, but why do they seem to hate the wheel group so much? Maybe someone with more fundamental or technical unix security knowledge can shed some light on this.
Any ideas?
Thanks
Last edited by StupidNewbie; 08-06-2012 at 06:40 AM.
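The distinction the review tooling is drawing comes down to who could end up with write access to a file that runs as root at boot. A group-owned init script is only a concrete risk when the group-write bit is set (any member of that group could then edit a script root will execute), but the tools flag non-system group ownership on its own because group membership and mode bits change independently over time. The following audit script, added here as an illustration and not part of the original post or of any RHEL tooling, reproduces that reasoning over a constructed sample listing and can also be pointed at a real directory. The group list is the one named in the post; the file names and modes in SAMPLE are made up.

```python
import os
import stat
import pwd
import grp
from collections import namedtuple

# Groups the review tooling accepts as owners of system startup files
# (taken from the post above; "wheel" is deliberately not among them).
SYSTEM_GROUPS = {"root", "sys", "bin", "adm", "other", "system"}

Entry = namedtuple("Entry", "path owner group mode")


def classify(entry):
    """Return (severity, reason) for one file, or None if there is no finding.

    World-writable files are always HIGH. A file group-owned by something
    outside SYSTEM_GROUPS is HIGH when the group-write bit is set (members
    of that group can change what root will execute) and LOW otherwise
    (nothing is writable today, but the ownership should still be fixed).
    """
    if entry.mode & stat.S_IWOTH:
        return ("HIGH", "world-writable")
    if entry.group in SYSTEM_GROUPS:
        return None
    if entry.mode & stat.S_IWGRP:
        return ("HIGH", "writable by members of group '%s'" % entry.group)
    return ("LOW", "group owner '%s' is not a system group" % entry.group)


def audit(entries):
    """Run classify() over a list of Entry records; return (path, severity, reason)."""
    findings = []
    for e in entries:
        result = classify(e)
        if result is not None:
            findings.append((e.path, result[0], result[1]))
    return findings


def collect(directory):
    """Build Entry records for the regular files directly under a real directory."""
    entries = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks, subdirectories and devices
        try:
            owner = pwd.getpwuid(st.st_uid).pw_name
        except KeyError:
            owner = str(st.st_uid)
        try:
            group = grp.getgrgid(st.st_gid).gr_name
        except KeyError:
            group = str(st.st_gid)
        entries.append(Entry(path, owner, group, stat.S_IMODE(st.st_mode)))
    return entries


# Constructed sample listing (hypothetical files and modes, not real data).
SAMPLE = [
    Entry("/etc/init.d/nails", "root", "wheel", 0o755),   # the post's finding
    Entry("/etc/init.d/sshd", "root", "root", 0o755),     # clean
    Entry("/etc/rc.d/rc.local", "root", "wheel", 0o775),  # wheel members can edit
    Entry("/var/log/nails.log", "root", "wheel", 0o640),  # log file, same LOW finding
    Entry("/etc/init.d/broken", "root", "root", 0o777),   # anyone can edit
]

if __name__ == "__main__":
    for path, severity, reason in audit(SAMPLE):
        print("%-5s %-24s %s" % (severity, path, reason))
    # On a live host, run the same check against the real init directory.
    if os.path.isdir("/etc/init.d"):
        for path, severity, reason in audit(collect("/etc/init.d")):
            print("%-5s %-24s %s" % (severity, path, reason))
```

On the sample data the script reports /etc/init.d/nails and /var/log/nails.log as LOW (ownership only), and /etc/rc.d/rc.local and /etc/init.d/broken as HIGH, which is the separation between "fix the ownership when convenient" and "someone other than root can already change a boot-time script" that the tooling's flat list of findings does not make.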