.TH security "" "" "System Administration"
.PC
.PP
Because \*(CO is a multi-user, multi-tasking operating system
which can support users from remote terminals, steps must be taken to
ensure that the system is secure.
Sensitive information that is stored on the system must be protected
from being read or copied by unauthorized persons; files must be protected
against vandalization by intruders.
Unless a reasonable degree can be guaranteed, no multi-user operating
system can be trusted to archive important information.
.PP
In one sense, it is easy to achieve perfect security in a computer
system.
As Grampp and Morris have noted,
``It is easy to run a secure computer system.
You merely disconnect all dial-up connections, put the machine and
its terminals in a shielded room, and post a guard at the door.''
For practical uses, however, security means balancing ease of access
against restrictiveness:
users should have easy access to what is properly theirs, and should be
barred from system facilities that do not belong to them.
.PP
The \*(CO system has the following tools to assist with security.
.IP \fIPasswords\fR 1.0i
Every user account can be ``locked'' with a password.
Each user can assign her own password, and the system administrator
can set passwords for the superusers
.B root
and
.BR bin .
.IP
Passwords should be changed frequently.
A password should have at least six characters, should
.I not
be a common name or word, and preferably should include a mixture of
upper- and lower-case letters, to prevent decryption by brute-force methods.
.IP
Passwords should be guarded jealously.
In particular, the password for the superuser
.B root
should be kept secret, as she can read every file and execute every program
throughout the system.
.IP \fIPermissions\fR
Execution of system-level programs, such as
.BR mount ,
is restricted to the superuser
.BR root .
This prevents intruders from seizing superuser permissions through
unauthorized manipulation of system services.
Ordinary users are also restricted from directly access system devices,
for the same reason.
.IP
One potential hole in security is the setting the
.B setuid
bit on programs that are owned by the superuser
.BR root .
Setting this bit grant superuser privileges to whoever runs the program.
Two commands often have this bit set:
.B /etc/enable
and
.BR /etc/disable .
This is done to permit users, in particular user
.BR uucp ,
to enable and disable a port.
This, however, permits any user to enable or disable a device \(em including
the console device; which means that a cracker who breaks into your system
could lock you out of it if she wished.
.IP
The lesson is that you should not set the
.B setuid
bit on any program that is owned by
.B root
unless you have an excellent reason to do so.
.IP \fIEncryption\fR
The command
.B crypt
performs rotary encryption, similar to that used by the German Enigma machine.
Files of sensitive information should be encrypted, to protect them against
being read by unauthorized persons.
Note that encryption is the only true defense against unauthorized reading:
not even the superuser can read an encrypted file unless she has the
encryption key.
.PP
Many \*(CO systems have only one user and are not networked; for such
installations, the normal level of security may be an annoyance.
Passwords can be turned off by using the command
.B passwd
to set the password to
.BR <return> .
The command
.B chmod
can be used to widen access to devices and
system-level utilities; see the Lexicon entry for
.B chmod
for more information on file access.
.PP
Security ultimately is a system-wide responsibility.
To quote Grampp and Morris,
``By far, the greatest security hazard for a system ... is the set
of people who use it.
If the people who use a machine are naive about security issues, the machine
will be vulnerable regardless of what is done by the local management.
This applies particularly to the system's administrators, but ordinary
users should also take heed.''
.SH "See Also"
.Xr "Administering COHERENT," administe
.Xr "chmod," chmod.c
.Xr "crypt," crypt.c
.Xr "login," login
.Xr "passwd" passwd.c
.br
Grampp, F.T., Morris, R.H.:
\*(UN operating system security.
\fIAT&T Bell Lab Tech J\fR
1984;8:1649-1672.
