security                Technical Information                security

Because COHERENT is a multi-user, multi-tasking operating system
which can support users from remote terminals, steps must be
taken to ensure that the system is secure. Sensitive information
that is stored on the system must be protected from being read or
copied by unauthorized persons; files must be protected against
vandalism by intruders. Unless a reasonable degree of security
can be guaranteed, no multi-user operating system can be trusted
to archive important information.

In one sense, it is easy to achieve perfect security in a
computer system. As Grampp and Morris have noted, ``It is easy to
run a secure computer system. You merely disconnect all dial-up
connections, put the machine and its terminals in a shielded
room, and post a guard at the door.'' For practical uses,
however, security means balancing ease of access against
restrictiveness: users should have easy access to what is
properly theirs, and should be barred from system facilities that
do not belong to them.

The COHERENT system has the following tools to assist with
security.

Passwords
     Every user account can be ``locked'' with a password.
     Each user can assign her own password, and the system
     administrator can set passwords for the superusers root
     and bin.

     Passwords should be changed frequently. A password
     should have at least six characters, should not be a
     common name or word, and preferably should include a
     mixture of upper- and lower-case letters, to prevent
     decryption by brute-force methods.

     Passwords should be guarded jealously. In particular,
     the password for the superuser root should be kept
     secret, as she can read every file and execute every
     program throughout the system.

Permissions
     Execution of system-level programs, such as mount, is
     restricted to the superuser root. This prevents
     intruders from seizing superuser permissions through
     unauthorized manipulation of system services. For the
     same reason, ordinary users are also barred from
     directly accessing system devices.

Encryption
     The command crypt performs rotary encryption, similar
     to that used by the German Enigma machine. Files of
     sensitive information should be encrypted, to protect
     them against being read by unauthorized persons. Note
     that encryption is the only true defense against
     unauthorized reading: not even the superuser can read an
     encrypted file unless she has the encryption key.

COHERENT Lexicon                                          Page 1

Many COHERENT systems have only one user and are not networked;
for such installations, the normal level of security may be an
annoyance. Passwords can be turned off by using the command
passwd to set the password to <return>. The command chmod can be
used to widen access to devices and system-level utilities; see
the Lexicon entry for chmod for more information on file access.

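One way to see what has been widened once chmod has been used as
described above. This is an added example, not part of the
Lexicon or the COHERENT distribution; it assumes a POSIX sh and
find, and the function names audit_widened and count_widened are
hypothetical.

```shell
#!/bin/sh
# Added example (not COHERENT's own code): report entries under a
# directory whose access has been widened beyond owner and group.

# audit_widened DIR
#   Prints, sorted, every path under DIR that is either
#     - writable by "other" (symbolic links are skipped, because their
#       own mode bits are not what access checks use), or
#     - a block or character device that "other" can read.
#   Errors from unreadable subdirectories are discarded.
audit_widened() {
    find "$1" \
        \( ! -type l -perm -002 \) -o \
        \( \( -type b -o -type c \) -perm -004 \) \
        2>/dev/null | sort
}

# count_widened DIR
#   Number of findings; convenient for a periodic job that should
#   raise an alert whenever the count is not zero.
count_widened() {
    audit_widened "$1" | wc -l | tr -d ' '
}

# Stand-alone use: pass the directory to audit as the first argument,
# for example /dev or the directory holding system-level utilities.
if [ "$#" -gt 0 ]; then
    audit_widened "$1"
fi
```
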
Security ultimately is a system-wide responsibility. To quote
Grampp and Morris, ``By far, the greatest security hazard for a
system ... is the set of people who use it. If the people who
use a machine are naive about security issues, the machine will
be vulnerable regardless of what is done by the local management.
This applies particularly to the system's administrators, but
ordinary users should also take heed.''

***** See Also *****

chmod, crypt, passwd, technical information
Grampp FT, Morris RH: UNIX operating system security. AT&T Bell
Lab Tech J 1984;8:1649-1672.