1 |
On Sunday 11 January 2009, Mike Kazantsev wrote: |
2 |
|
3 |
> If blocking every possible user is too much trouble or you wish to |
4 |
> block just firefox, but not wget to http port for _all_ users (not the |
5 |
> same case as emerge from root) you can write a simple SUID wrapper for |
6 |
> firefox binary, which changes group to restricted one (but leaves uid |
7 |
> and home unchanged), |
8 |
|
9 |
Is this like creating a symlink to the original FF binary which you have moved |
10 |
somewhere else? Can you please explain? |
11 |
|
12 |
> then launches true firefox binary, to which only |
13 |
> that group has access. |
14 |
-- |
15 |
Regards, |
16 |
Mick |