From: Amon Ott <ao@rsbac.org>
Subject: Re: my first install (2.4.0-test12)
Date: Wed, 27 Dec 2000 11:33:56 +0100
Next Article (by Date): Re: my first install (2.4.0-test12) Amon Ott
Previous Article (by Date): Re: 2.4.0.-test12 Amon Ott
Top of Thread: my first install (2.4.0-test12) "john huttley"
Next in Thread: Re: my first install (2.4.0-test12) Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
On Sam, 23 Dez 2000 john huttley wrote: > Hello, with a bit of persistence I have a partly working system now. > (2.4.0-test12 on RH7) Good. :) > Some questions. > > Programs such as atd and crond drop privs on startup. > > It seems that they also want to re-acquire root privs to run scripts on > behalf > of users. Does this mean that they have to be AUTH'd for setuid? Yes. You sure want to control what user atd can execute commands for. > Does su have to be AUTH'd for setuid? Yes, of course. If not, root could work as any user, e.g. user secoff/400. I do not trust root any further than I have to. You should be very careful about AUTH caps, because all access control relies on proper identification and authorization. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): Re: my first install (2.4.0-test12) Amon Ott
Previous Article (by Date): Re: 2.4.0.-test12 Amon Ott
Top of Thread: my first install (2.4.0-test12) "john huttley"
Next in Thread: Re: my first install (2.4.0-test12) Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]