chris@mimsy.UUCP (Chris Torek) (09/18/88)
In article <7036@ki4pv.uucp> tanner@ki4pv.uucp (Dr. T. Andrews) writes: >... certain progs need to poke around in /dev/kmem, /dev/disk, or >whatever: provide them with a "set group" bit (chmod 2111 /bin/df, &c.) >and arrange that the progs be owned uid=bin/group=sys. The important >files (/dev/kmem, /dev/disk, &c.) should be owned by group "sys", and >protected 0440. Something like this is already done in 4.3BSD. `df' is setgid operator; `write' is setgid `tty'; `ps' is setgid `kmem'. Not all possible setuid root programs were changed, but the easier ones were done long ago. -- In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163) Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris