suid/sgid programy
Jiri
jiri.b at sendmail.cz
Tue Jun 15 05:07:10 CEST 2004
Hello users-l,
zajimalo by me vice o tom, proc potrebuji nektere programy byt
suid/sgid? jak zjistim proc jsou tak nastaveny a jak zjistim, ktere
mohu odstranit, kdyz bych je nemusel pouzivat?
docetl jsem se toto, ale nevim, jestli by to byla dobra cesta :)
One strategy is to remove the set-id bits from all files, then selectively add them back to just a few programs that need to be run by non-root users. The following commands will remove the set-uid and set-gid bit from all files, then add it back to su and the shared lib PAM version of the passwd command:
find / -perm -4000 -type f -exec chmod u-s {} \;
find / -perm -2000 -type f -exec
chmod g-s {} \;
chmod u+s
/usr/bin/su
chmod u+s
/usr/bin/passwd
diky za tipy a odkazy
--
Best regards,
Jiri mailto:jiri.b at sendmail.cz
More information about the Users-l
mailing list