suid/sgid programy

Jiri jiri.b at sendmail.cz
Tue Jun 15 05:07:10 CEST 2004


Hello users-l,

  zajimalo by me vice o tom, proc potrebuji nektere programy byt
  suid/sgid? jak zjistim proc jsou tak nastaveny a jak zjistim, ktere
  mohu odstranit, kdyz bych je nemusel pouzivat?

  docetl jsem se toto, ale nevim, jestli by to byla dobra cesta :)

One strategy is to remove the set-id bits from all files, then selectively add them back to just a few programs that need to be run by non-root users. The following commands will remove the set-uid and set-gid bit from all files, then add it back to su and the shared lib PAM version of the passwd command:

find / -perm -4000 -type f -exec chmod u-s {} \; 
find / -perm -2000 -type f -exec 
chmod g-s {} \; 
chmod u+s 
/usr/bin/su 
chmod u+s 
/usr/bin/passwd

diky za tipy a odkazy

-- 
Best regards,
 Jiri                          mailto:jiri.b at sendmail.cz




More information about the Users-l mailing list