[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian for kids

On Thu, Feb 03, 2000 at 01:16:32AM -0800, Joseph Carter wrote:
> On Wed, Feb 02, 2000 at 11:44:30PM -0500, Alex Dukat wrote:
> > > to the begining /etc/pam.d/passwd, and add any users who can't seem to
> > > use passwd command right to /etc/deny.passwd (or whatever).  multiuser
> > > compatible!
> > 
> > As a start to kid proofing a machine, one could remove world permissions
> > on all potentially dangerous commands, passwd, chmod, chown, etc.  Then
> > use sudo to return permission to those who are responsible.
> Uh.
> chgrp protected passwd
> chmod 750 passwd
> adduser someone protected

and edit /etc/suid.conf otherwise it will unchgrp unchmod passwd..

which is why i would prefer the PAM method for this one.. the others
are not suid so would not be a problem.  (though changing permissions
on things like chmod is easily bypassed.)

Ethan Benson

Reply to: