[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Suid Manager Proposal



On Thu, 21 Nov 1996, Buddha Buck wrote:

bmbuck >I would recommend expanding this to a s/uid/gid manager, with similar 
bmbuck >semantics.

Configuration file:
-------------------

/etc/suid.conf

containing lines of the form

whodoneit binary user group mode

Where "whodoneit" is either the package name responsible for installing the
settings or "user" for a user override.

Example line:

sendmail /usr/bin/sendmail root mail 2755

Example override:

user /usr/bin/sendmail root root 4755 


Registering a binary (from postinst or an administrator modifying settings):
---------------------------------------------------------------------------

suidregister [options] binary user group mode

will modify the binary to have the given user group and mode.

where options can be:

-f		Force. A package does not allow the user to override settings. Enforce the
        	setting at all times. If a "user" line is present in /etc/suid.conf erase it.

-s <Package>	Standard settings for a package. This option must always be given if a package
		installs a setuid binary.

Calling suidregister without any options will simply verify that all the
settings are the way indicated in the config file. It gives warnings and
corrects each file not set up correctly.

Unregistering binaries (from postrm):
-------------------------------------
suidunregister binary


Example:

The postinst of sendmail could do the following:

suidregister -s sendmail /usr/bin/sendmail root mail 2755


And the postrm:

suidunregister /usr/bin/sendmail

debmake
-------
I could easily adapt debmake to do these calls for each package managed by
it without the developer having to do anything.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com


Reply to: