Date: Thu, 28 Mar 2002 02:48:27 +1000 From: Andrew Kenneth Milton <akm@theinternet.com.au> To: Damien Palmer <dpalmer@northwestern.edu> Cc: Andrew Kenneth Milton <akm@theinternet.com.au>, security@FreeBSD.ORG Subject: Re: Question on su / possible hole Message-ID: <20020328024827.I40004@zeus.theinternet.com.au> In-Reply-To: <5.1.0.14.2.20020327103848.00acb498@casbah.it.northwestern.edu>; from dpalmer@northwestern.edu on Wed, Mar 27, 2002 at 10:43:33AM -0600 References: <20020327142432.GB30556@wjv.com> <20020327140006.GA30556@wjv.com> <20020328000329.E40004@zeus.theinternet.com.au> <20020327142432.GB30556@wjv.com> <20020328003506.F40004@zeus.theinternet.com.au> <5.1.0.14.2.20020327103848.00acb498@casbah.it.northwestern.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
+-------[ Damien Palmer ]---------------------- | At 12:35 AM 3/28/2002 +1000, Andrew Kenneth Milton wrote: | >So remove world execute access from su, make an su-users group and chgrp | >su with that group ? | | Since su already belongs to the wheel group, and we are trying to restrict | su access to people in the wheel group, wouldn't it be simpler to just | chmod the command, so only the owner and the group have executable | permissions on it, and leave it in the wheel group? Or is there another | reasoning behind creating a new group that I am not seeing? Neatness? -- Totally Holistic Enterprises Internet| | Andrew Milton The Internet (Aust) Pty Ltd | | ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au| To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328024827.I40004>