RE: Use of suidmanager
On Tue, 24 Jun 1997, Michael Meskes wrote:
>It seems I misunderstood what suidmanager does.
>But I still don't see the reason for non-setuid programs listed there
>by default. Does that mean 'You can make this program suid, but we
>prefer it to be not-suid.'?
It means that a program has registered a binary and will respect changed
permissions for that file when upgraded. If you generate an entry in
/etc/suid.conf manually it usually means that the package who contains
that binary does not make any provisions made to preserve permissions. On
the next upgrade those permissions will be lost and you need to run
to restore the permissions to the configuration in /etc/suid.conf.
What it means for debmake is: I really would like those binaries to be
setuid (restricted to execution only by a group) and it is necessary to
use the full capabilities that debmake provides. But there was a
significant disagreement about having such binaries installed by default.
Fantastic rumours and imaginative stories about setuid binaries in debmake
began to be spread on debian-devel and so I finally decided to not install
those permissions by default.
That was the initial motivation to develop suidmanager by the way....
>Dr. Michael Meskes, Projekt-Manager | topsystem Systemhaus GmbH
>email@example.com | Europark A2, Adenauerstr. 20
>firstname.lastname@example.org | 52146 Wuerselen
>Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
>Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
>>From: Christoph Lameter [SMTP:email@example.com]
>>Sent: Tuesday, June 24, 1997 4:51 PM
>>To: Michael Meskes
>>Cc: Die Adresse des Empfängers ist unbekannt.
>>Subject: RE: Use of suidmanager
>>On Tue, 24 Jun 1997, Michael Meskes wrote:
>>>But that means we have to add all permission since all are configurable.
>>>Isn't it a better idea to save the standard setting only for those
>>>programs that are setuid by default?
>>I am not sure that I understand this.
>>/etc/suid.conf contains permission for suid candidates in order to make it
>>easy to give those files suid status by simply editing the file.
>>entries in suid.conf also will cause the preservation of those permissions
>>--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
>>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>>Trouble? e-mail to firstname.lastname@example.org .
--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .