[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Disabling SU

Subject: Re: [cobalt-users] Disabling SU
From: "Rodolfo J. Paiz" <rpaiz@xxxxxxxxxxxxxx>
Date: Mon Apr 23 15:23:09 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

At 4/23/01 05:24 AM -0700, you wrote:

[shimi@www /bin]$ ls -l su
-rwsr-xr-x   1 root      root       13208 Apr 13  1999 su

so... as you can see, the "other" access is r-x, which means read+execute.

what you basically want is that only wheeled users could run this program,
right?

so I would do...

cd /bin
chgrp wheel su
chmod 750 su
chmod +s su

that would basically allow only to root and users in the wheel group to
run that program.

DANGER WILL ROBINSON! DANGER! One of the things that su does is to setuidroot; hence it must have the setuid bit for the user created as well. Youshould do:


chmod 4750 /bin/su

instead of what you have above, to put the setuid bit back in place.


--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx

Follow-Ups:
- Re: [cobalt-users] Disabling SU
  - From: shimi

References:
- [cobalt-users] Disabling SU
  - From: Raphael Foo

Prev by Date: Re: [Way OT!] Re: [cobalt-users] Change Telnet welcome msg
Next by Date: Re: [cobalt-users] Administration System
Previous by thread: Re: [cobalt-users] Disabling SU
Next by thread: Re: [cobalt-users] Disabling SU

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index