On Sun, Jul 09, 2000 at 03:13:11PM -0400, Bob Bernstein wrote: > > I had in mind 'none' in the sense of "no one can use Ctrl-Alt-Del." Without > the -a switch it's available to everyone. (Am I missing something here?) you could put one of the system account names in /etc/shutdown.allow say bin who cannot login anyway. but if commenting out the inittab line is the same as disabling control-alt-delete that would work just as well. > Quite apart from all this, any user who knows the path '/sbin/shutdown' can > execute it, at least with the permissions shutdown has by default. > Eliminating this kind of possibility was the reason I started looking into > the ctrlaltdel business. Which brings me to ask, is there a reason shutdown > has -rwxr-xr-x perms? [eb@socrates eb]$ /sbin/shutdown -r now shutdown: must be root. [eb@socrates eb]$ so long as a program does not have any s bits set thier is no advanatage to restricting its permissions. afterall anyone can download the sysvinit .deb, extract the shutdown program and execute it with the same permission as my above example. (if you want to see something interesting though try this: fakeroot /sbin/shutdown -r now) the only time restricting program permissions is worthwhile is when there are s bits set or perhaps in the case of the compiler (which is more difficult to install into the users' userland.) for the compiler one should change permissions on /usr/lib/gcc as well. it is also debian policy that all binaries have 0755 permissions when non-suid for the above reason, and suid binaries must have world read permission at a minimum (no 4111 or 4711 type permissions) again for the same reason, anyone can get and read the file out of a .deb. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpgaN1LOpNGC.pgp
Description: PGP signature