Re: my first install (2.4.0-test12)


From: Amon Ott <ao@rsbac.org>
Subject: Re: my first install (2.4.0-test12)
Date: Wed, 27 Dec 2000 11:33:56 +0100

Next Article (by Subject): Re: my first install (2.4.0-test12) Amon Ott
Previous Article (by Subject): Re: my first install (2.4.0-test12) "john huttley"
Top of Thread: my first install (2.4.0-test12) "john huttley"
Next in Thread: Re: my first install (2.4.0-test12) Amon Ott
Articles sorted by: [Date] [Author] [Subject]


On Sam, 23 Dez 2000 john huttley wrote:
> Hello, with a bit of persistence I have a partly working system now.
> (2.4.0-test12 on RH7)

Good. :)

> Some questions.
> 
> Programs such as  atd and crond drop privs on startup.
> 
> It seems that they also want to re-acquire root privs to run scripts on
> behalf
> of users. Does this mean that they have to be AUTH'd for setuid?

Yes. You sure want to control what user atd can execute commands for.
 
> Does su have to be AUTH'd for setuid?

Yes, of course. If not, root could work as any user, e.g. user secoff/400.
I do not trust root any further than I have to.

You should be very careful about AUTH caps, because all access control relies
on proper identification and authorization.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: my first install (2.4.0-test12) Amon Ott
Previous Article (by Subject): Re: my first install (2.4.0-test12) "john huttley"
Top of Thread: my first install (2.4.0-test12) "john huttley"
Next in Thread: Re: my first install (2.4.0-test12) Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.