Gentoo Archives: gentoo-security

From: Calum <gentoo-security@××××××××××××.uk>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Wed, 14 Jan 2004 12:45:50
On Thursday 18 December 2003 2:36 pm, Kevin van Haaren wrote:
> > Since I only have 2 machines to worry about, I'll just: > chgrp wheel /usr/sbin/traceroute > chmod 4750 /usr/sbin/traceroute
Sorry for the slight delay in this message, but I've been on holiday for a while. I suggest that the use of groups would better serve this purpose. E.g. a nettools group, with traceroute, ping, etc chgrp'd and chmod'd 4750. Using an existing group such as wheel would mean that you would be allowing them to use /bin/su as well. A shadow group, with /etc/shadow as 640, so that applications don't need to be be setuid to root to read them - setgid shadow would be enough (/usr/kde/3.1/bin/kcheckpass for example) What Gentoo excels in is having very good defaults. I personally hate having to make the same change on every machine I install, and in this respect Gentoo is pretty good. Anyway, back to reading the rest of the thread... :) PS. Is this list archived anywhere? I couldn't find it on Google. -- The early bird may get the worm, but the second mouse gets the cheese. jabber: jcalum@××××××××××××.uk pgp: -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release David Olsen <do@×××××××.com>
Re: [gentoo-security] Changes to traceroute in newest release Mike Frysinger <vapier@g.o>