Suid Manager Proposal
On Thu, 21 Nov 1996, Buddha Buck wrote:
bmbuck >I would recommend expanding this to a s/uid/gid manager, with similar
bmbuck >semantics.
Configuration file:
-------------------
/etc/suid.conf
containing lines of the form
whodoneit binary user group mode
Where "whodoneit" is either the package name responsible for installing the
settings or "user" for a user override.
Example line:
sendmail /usr/bin/sendmail root mail 2755
Example override:
user /usr/bin/sendmail root root 4755
Registering a binary (from postinst or an administrator modifying settings):
---------------------------------------------------------------------------
suidregister [options] binary user group mode
will modify the binary to have the given user group and mode.
where options can be:
-f Force. A package does not allow the user to override settings. Enforce the
setting at all times. If a "user" line is present in /etc/suid.conf erase it.
-s <Package> Standard settings for a package. This option must always be given if a package
installs a setuid binary.
Calling suidregister without any options will simply verify that all the
settings are the way indicated in the config file. It gives warnings and
corrects each file not set up correctly.
Unregistering binaries (from postrm):
-------------------------------------
suidunregister binary
Example:
The postinst of sendmail could do the following:
suidregister -s sendmail /usr/bin/sendmail root mail 2755
And the postrm:
suidunregister /usr/bin/sendmail
debmake
-------
I could easily adapt debmake to do these calls for each package managed by
it without the developer having to do anything.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: