surak@jessica.Stanford.EDU (Jayson Adams) (11/18/89)
Hola, Recently, someone mentioned stripping setuid bits from applications so that ordinary users can't change things (like the machine time and date). I don't think changing PrintManager's setuid bit is enough to prevent someone from exporting/de-exporting a printer 'cause NetInfo relies on a directory's _writers property (this property specifying which users can modify the directory). The _writers property for the printer directory on my machines had one item: "*", which means ANYONE can modify the printer directory's contents. So, in addition to removing the setuid bit, you should also change the "*" entry to "root" (in all relevant NetInfo domains) to prevent everyone except root from modifying printer export information. __jayson adams :-) Academic Information Resources Stanford University surak@jessica.stanford.edu