Date: Sun, 26 Oct 2003 11:36:10 -0500
From: Allen Landsidel
To: Jim, freebsd-questions@freebsd.org
Subject: Re: SUID /usr/bin/rsh on Stable 4.8 after installworld
Message-id: <6.0.0.22.0.20031026113459.024434d0@pop.hotpop.com>

At 09:10 10/26/2003, Jim wrote:

[snip]

>At some point in this process however, I get to cvsup, buildworld, and
>installworld. This process re-enables the old permissions on the files I so
>diligently locked down. I would expect there is a flag or include/exclude
>file somewhere I need to lookup to prevent cvsup from doing this in the
>first place, but like I said, I'm new.
>
>The problem I need help with though, is the fact that I cannot chmod 000
>certain binaries after this process (for example: /usr/bin/rsh,
>/usr/bin/yppasswd, /usr/bin/ypchfn, etc.). The following occurs:
>
># chmod 000 /usr/bin/rsh
>chmod: /usr/bin/rsh: Operation not permitted

chflags is what you want

man chflags

specifically the schg flag.
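
Added example, not part of the original message: a small Python audit that reads each file's BSD flags, reports whether `schg` or `uchg` explains the "Operation not permitted" from `chmod`, and prints the `chflags`/`chmod` sequence needed to change the mode. The function names and the choice to restore the flag after the `chmod` are assumptions of this sketch.

```python
import os
import shlex
import stat
import sys

# BSD file flags that make chmod(2) fail with EPERM, keyed to chflags(1) names.
IMMUTABLE_FLAGS = {
    stat.SF_IMMUTABLE: "schg",  # system immutable: root only, and only at securelevel <= 0
    stat.UF_IMMUTABLE: "uchg",  # user immutable: owner or root may clear it
}

def flag_names(st_flags):
    """Return the chflags(1) names of the immutable flags set in st_flags."""
    return [name for bit, name in IMMUTABLE_FLAGS.items() if st_flags & bit]

def audit(path):
    """Describe one file: permission bits, set-id status, immutable flags."""
    st = os.lstat(path)
    return {
        "path": path,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "setid": bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID)),
        # st_flags exists on BSD-derived systems only; treat it as 0 elsewhere.
        "flags": flag_names(getattr(st, "st_flags", 0)),
    }

def remediation(report, new_mode="000"):
    """Commands that apply new_mode, lifting each immutable flag first and
    putting it back afterwards (a choice made here) so the new mode stays protected."""
    path = shlex.quote(report["path"])
    clear = [f"chflags no{flag} {path}" for flag in report["flags"]]
    restore = [f"chflags {flag} {path}" for flag in report["flags"]]
    return clear + [f"chmod {new_mode} {path}"] + restore

if __name__ == "__main__":
    # Default paths are the binaries named in the quoted message.
    targets = sys.argv[1:] or ["/usr/bin/rsh", "/usr/bin/yppasswd", "/usr/bin/ypchfn"]
    for target in targets:
        try:
            report = audit(target)
        except OSError as exc:
            print(f"{target}: {exc}")
            continue
        print(f"{target}: mode={report['mode']} setid={report['setid']} "
              f"flags={','.join(report['flags']) or '-'}")
        for cmd in remediation(report):
            print(f"  {cmd}")
```

With `kern.securelevel` at 1 or higher, `chflags noschg` is refused even for root, so the flag has to be cleared at a lower securelevel (for example in single-user mode).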