1 |
On Thursday 18 December 2003 2:36 pm, Kevin van Haaren wrote: |
2 |
> |
3 |
> Since I only have 2 machines to worry about, I'll just: |
4 |
> chgrp wheel /usr/sbin/traceroute |
5 |
> chmod 4750 /usr/sbin/traceroute |
6 |
|
7 |
Sorry for the slight delay in this message, but I've been on holiday for a |
8 |
while. |
9 |
|
10 |
I suggest that the use of groups would better serve this purpose. |
11 |
E.g. a nettools group, with traceroute, ping, etc chgrp'd and chmod'd 4750. |
12 |
Using an existing group such as wheel would mean that you would be allowing |
13 |
them to use /bin/su as well. |
14 |
|
15 |
A shadow group, with /etc/shadow as 640, so that applications don't need to be |
16 |
be setuid to root to read them - setgid shadow would be enough |
17 |
(/usr/kde/3.1/bin/kcheckpass for example) |
18 |
|
19 |
What Gentoo excels in is having very good defaults. I personally hate having |
20 |
to make the same change on every machine I install, and in this respect |
21 |
Gentoo is pretty good. |
22 |
|
23 |
Anyway, back to reading the rest of the thread... :) |
24 |
|
25 |
PS. Is this list archived anywhere? I couldn't find it on Google. |
26 |
|
27 |
|
28 |
-- |
29 |
|
30 |
The early bird may get the worm, but the second mouse gets the cheese. |
31 |
|
32 |
jabber: jcalum@××××××××××××.uk |
33 |
pgp: http://gk.umtstrial.co.uk/~calum/keys.php |
34 |
|
35 |
|
36 |
-- |
37 |
gentoo-security@g.o mailing list |