[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Disabling SU

Subject: Re: [cobalt-users] Disabling SU
From: shimi <shimi@xxxxxxxxxxxxxxxx>
Date: Tue Apr 24 21:02:07 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Mon, 23 Apr 2001, Rodolfo J. Paiz wrote:

> At 4/23/01 05:24 AM -0700, you wrote:
> >[shimi@www /bin]$ ls -l su
> >-rwsr-xr-x   1 root      root       13208 Apr 13  1999 su
> >
> >so... as you can see, the "other" access is r-x, which means read+execute.
> >
> >what you basically want is that only wheeled users could run this program,
> >right?
> >
> >so I would do...
> >
> >cd /bin
> >chgrp wheel su
> >chmod 750 su
> >chmod +s su
> >
> >that would basically allow only to root and users in the wheel group to
> >run that program.
> 
> DANGER WILL ROBINSON! DANGER! One of the things that su does is to setuid 
> root; hence it must have the setuid bit for the user created as well. You 
> should do:
> 
> chmod 4750 /bin/su
> 
> instead of what you have above, to put the setuid bit back in place.
> 

That's what the chmod +s command does... at least on my machine... ?

- shimi.

References:
- Re: [cobalt-users] Disabling SU
  - From: Rodolfo J. Paiz

Prev by Date: [cobalt-users] Review of Rackshack.Net
Next by Date: RE: [cobalt-users] Webmin Install
Previous by thread: Re: [cobalt-users] Disabling SU
Next by thread: Re: [cobalt-users] Disabling SU

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index