Hard Links between UNIX Utility Programs

Bob Hoffman hoffman at pitt.UUCP
Sat Jul 30 04:53:41 AEST 1988


In article <185 at chip.UUCP> mparker at chip.UUCP (M. D. Parker) writes:
>... I want to prevent users from
>examining the mailq using the /usr/ucb/mailq program

I believe it can be done by setting protections and group-IDs
carefully.  First of all, I think it's safe to assume that you
don't want any of your users executing /usr/lib/sendmail directly
for any reason.  Sendmail is normally invoked by the users' mail
agent, e.g. /bin/mail, /usr/ucb/Mail, etc.  I propose a way of
restricting execution of /usr/lib/sendmail without losing any
functionality for the users sending or receiving mail or for the
administration of the mail facility.

1.  Create a group in /etc/group called 'mail' that includes the
    system manager.

	mail::7:root

2.  Change the group ID and protection on /usr/lib/sendmail (and its
    links, newaliases and mailq) so that only group 'mail' can execute it:

	-rwsr-x---  2 root     mail       112640 Mar 27 15:33 /usr/lib/sendmail

3.  Change the group ID and set-GID bits on each mail user agent and any other
    program that might have need to call sendmail:

	-rwsr-sr-x  1 root     mail        41984 Dec 30  1987 /bin/mail
	-rwxr-sr-x  1 root     mail        14336 Jun  6  1986 /bin/rmail
	-rwxr-sr-x  1 root     mail       185344 Jun  7 13:08 /usr/local/bin/elm
	-rwxr-sr-x  2 root     mail        74752 Dec 31  1987 /usr/ucb/Mail

4.  Finally, make sure /usr/spool/mqueue is not world-readable:

	drwxrwx---  2 root     mail         2048 Jul 29 14:50 /usr/spool/mqueue/

I believe this will do as Mr. Parker asks.  Have I overlooked anything?

-- 
Bob Hoffman, N3CVL       {allegra, bellcore, cadre, idis, psuvax1}!pitt!hoffman
Pitt Computer Science    hoffman at vax.cs.pittsburgh.edu



More information about the Comp.bugs.sys5 mailing list