Which commands (in /bin & /usr/bin) must have set user ID (for root)
Jack Jansen
jack at mcvax.uucp
Tue Oct 21 06:27:23 AEST 1986
Probably a *lot* of commands in /bin or /usr/bin don't need set-uid.
If you adopt a well-chosen group scheme, set-gid to a certain group
can be enough.
This is what is more-or-less done in BSD unix. For instance,
/dev/kmem is owned by the group 'kmem', and '/bin/ps' is setgid kmem.
This can easily be extended to programs like 'at', 'df', 'expreserve',
etc. The nice thing is that this is even possible if you don't
have a source license.......
--
Jack Jansen, jack at mcvax.UUCP
The shell is my oyster.
More information about the Comp.unix.wizards
mailing list