Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
On Thursday 18 December 2003 2:36 pm, Kevin van Haaren wrote:
>
> Since I only have 2 machines to worry about, I'll just:
> chgrp wheel /usr/sbin/traceroute
> chmod 4750 /usr/sbin/traceroute
Sorry for the slight delay in this message, but I've been on holiday for a
while.
I suggest that the use of groups would better serve this purpose.
E.g. a nettools group, with traceroute, ping, etc chgrp'd and chmod'd 4750.
Using an existing group such as wheel would mean that you would be allowing
them to use /bin/su as well.
A shadow group, with /etc/shadow as 640, so that applications don't need to be
be setuid to root to read them - setgid shadow would be enough
(/usr/kde/3.1/bin/kcheckpass for example)
What Gentoo excels in is having very good defaults. I personally hate having
to make the same change on every machine I install, and in this respect
Gentoo is pretty good.
Anyway, back to reading the rest of the thread... :)
PS. Is this list archived anywhere? I couldn't find it on Google.
--
The early bird may get the worm, but the second mouse gets the cheese.
jabber: jcalum@...
pgp: http://gk.umtstrial.co.uk/~calum/keys.php
--
gentoo-security@g.o mailing list
|
|
