permissions for suid tools
Jacek Konieczny
jajcus w bnet.pl
Czw, 11 Sty 2001, 11:16:31 CET
On Thu, Jan 11, 2001 at 11:11:21AM +0100, Sebastian Zagrodzki wrote:
> Is there any set of "standard" permissions for setuid tools?
> I mean apps like ping, mtr, traceroute and so on.
> As everybody know, setting 4755 on them is not what we would like to
> do...
> Possibilites are:
>
> 755, no suid by default
> 4710, owner root.root
> 4710, owner <some_group_that_can_use_these_tools>
>
> As for now, we have (for example):
> 4755 (ping)
> 4754 (traceroute6)
> 755 (targa)
IMHO for ping, traceroute, mtr it should be:
4710 root.icmp
NO suid-root program (except those using authentication like passwd, su, sudo)
should be executable by "others" by default. If someone needs such behaviour
hi can change permissions himself.
Greets,
Jacek
Więcej informacji o liście dyskusyjnej pld-devel-pl