From owner-freebsd-security Mon Jul 10 11:49:06 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA17948 for security-outgoing; Mon, 10 Jul 1995 11:49:06 -0700
Received: from everest (dtr.rain.com [204.119.8.19]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA17940 for ; Mon, 10 Jul 1995 11:49:03 -0700
Received: (from root@localhost) by everest (8.6.11/8.6.9) id LAA08285 for security@freebsd.org; Mon, 10 Jul 1995 11:49:04 -0700
From: Brant Katkansky
Message-Id: <199507101849.LAA08285@everest>
Subject: FreeBSD group execute permission
To: security@freebsd.org
Date: Mon, 10 Jul 1995 11:49:02 -0700 (PDT)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1032
Sender: security-owner@freebsd.org
Precedence: bulk

At my site, I want to be able to have two classes of users: normal users
with access to a full suite of binaries, and restricted users with a
limited selection of binaries. Due to some additional requirements, a
chroot environment is not desirable.

One way I've thought of to do this is to assign all of the restricted
users to group 'restrict' and make all the system bin directories
"chgrp restrict" with no group read or execute permission. In other
words:

    directory /usr/local/bin    owner=bin  group=restrict  mode=0505

An additional directory with unrestricted binaries would be provided:

    directory /usr/local/rbin   owner=bin  group=bin       mode=0555

The users in the restricted group would have no shell or ftp access, so
should not be able to load their own binaries. Access would be provided
via a menu, and only "safe" programs would be allowed.

I've tested this method and it appears to achieve what I want, but I'd
like to know a few things:

* is there a better way?
* are there additional security concerns?
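
Added example, not part of the original message: a Python model of the owner/group/other check that the mode 0505 scheme relies on, run against constructed temporary directories standing in for /usr/local/bin and /usr/local/rbin. The uid and gid values are hypothetical, both stand-in directories share one group (the post uses group bin for rbin, which does not change the 0555 result), and the superuser bypass is not modelled.

```python
import os
import stat
import tempfile

def class_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx bits (0-7) of the one class the kernel consults.

    Owner is tried first, then group, then other, with no fall-through:
    a member of the file's group never receives the 'other' bits.
    The superuser bypass is not modelled.
    """
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_use_dir(path, uid, gids):
    """True if (uid, gids) may both list (r) and search (x) the directory."""
    st = os.stat(path)
    bits = class_bits(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)
    return (bits & 5) == 5

def demo():
    """Check constructed stand-ins for bin (0505) and rbin (0555)."""
    with tempfile.TemporaryDirectory() as top:
        bin_dir = os.path.join(top, "bin")
        rbin_dir = os.path.join(top, "rbin")
        os.mkdir(bin_dir)
        os.mkdir(rbin_dir)
        os.chmod(bin_dir, 0o505)
        os.chmod(rbin_dir, 0o555)
        st = os.stat(bin_dir)
        restrict = {st.st_gid}       # the directory's group plays 'restrict'
        unrelated = {st.st_gid + 1}  # hypothetical group of a normal user
        user = st.st_uid + 1         # hypothetical non-owner uid
        result = {
            "restricted:bin": can_use_dir(bin_dir, user, restrict),
            "restricted:rbin": can_use_dir(rbin_dir, user, restrict),
            "normal:bin": can_use_dir(bin_dir, user, unrelated),
            "normal:rbin": can_use_dir(rbin_dir, user, unrelated),
        }
        os.chmod(bin_dir, 0o700)     # restore so cleanup can remove it
        os.chmod(rbin_dir, 0o700)
        return result

if __name__ == "__main__":
    for who, ok in demo().items():
        print(who, "allowed" if ok else "denied")
```

can_use_dir can be pointed at the deployed directories with a restricted account's uid and full group list to confirm the modes behave as intended.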