Re: Debian for kids
On Thu, Feb 03, 2000 at 01:16:32AM -0800, Joseph Carter wrote:
> On Wed, Feb 02, 2000 at 11:44:30PM -0500, Alex Dukat wrote:
> > > to the begining /etc/pam.d/passwd, and add any users who can't seem to
> > > use passwd command right to /etc/deny.passwd (or whatever). multiuser
> > > compatible!
> > As a start to kid proofing a machine, one could remove world permissions
> > on all potentially dangerous commands, passwd, chmod, chown, etc. Then
> > use sudo to return permission to those who are responsible.
> chgrp protected passwd
> chmod 750 passwd
> adduser someone protected
and edit /etc/suid.conf otherwise it will unchgrp unchmod passwd..
which is why i would prefer the PAM method for this one.. the others
are not suid so would not be a problem. (though changing permissions
on things like chmod is easily bypassed.)