| 1 |
On Thursday 18 December 2003 2:36 pm, Kevin van Haaren wrote: |
| 2 |
> |
| 3 |
> Since I only have 2 machines to worry about, I'll just: |
| 4 |
> chgrp wheel /usr/sbin/traceroute |
| 5 |
> chmod 4750 /usr/sbin/traceroute |
| 6 |
|
| 7 |
Sorry for the slight delay in this message, but I've been on holiday for a |
| 8 |
while. |
| 9 |
|
| 10 |
I suggest that the use of groups would better serve this purpose. |
| 11 |
E.g. a nettools group, with traceroute, ping, etc chgrp'd and chmod'd 4750. |
| 12 |
Using an existing group such as wheel would mean that you would be allowing |
| 13 |
them to use /bin/su as well. |
| 14 |
|
| 15 |
A shadow group, with /etc/shadow as 640, so that applications don't need to be |
| 16 |
be setuid to root to read them - setgid shadow would be enough |
| 17 |
(/usr/kde/3.1/bin/kcheckpass for example) |
| 18 |
|
| 19 |
What Gentoo excels in is having very good defaults. I personally hate having |
| 20 |
to make the same change on every machine I install, and in this respect |
| 21 |
Gentoo is pretty good. |
| 22 |
|
| 23 |
Anyway, back to reading the rest of the thread... :) |
| 24 |
|
| 25 |
PS. Is this list archived anywhere? I couldn't find it on Google. |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
|
| 30 |
The early bird may get the worm, but the second mouse gets the cheese. |
| 31 |
|
| 32 |
jabber: jcalum@××××××××××××.uk |
| 33 |
pgp: http://gk.umtstrial.co.uk/~calum/keys.php |
| 34 |
|
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-security@g.o mailing list |
Archives