[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: modify root-owned SUID files?
|
From: |
Mark Burgess |
|
Subject: |
Re: modify root-owned SUID files? |
|
Date: |
Sat, 14 Dec 2002 09:30:53 +0100 (MET) |
Yes, you can use a filter. Check out the online docs and search under filters.
I believe there is an example on precisely this.
M
>
>
> --===============19183655806446409==
> Content-Disposition: inline
> content-type: multipart/signed; micalg="pgp-sha1";
> protocol="application/pgp-signature"; boundary="OZkY3AIuv2LYvjdk"
>
>
> --OZkY3AIuv2LYvjdk
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> I'm looking to remove the SUID bit from most root-owned files, but not
> all. So far I have this:
>
> solaris::
> /usr/bin
> mode=3Du-s
> exclude=3Dat
> exclude=3Datq
> exclude=3Datrm
> exclude=3Dcrontab
> exclude=3Dpasswd
> exclude=3Dsu
> exclude=3Dnispasswd
> exclude=3Dyppasswd
> recurse=3Dinf
> action=3Dfixall
> inform=3Dtrue
>
> /usr/sbin
> mode=3Du-s
> recurse=3Dinf
> exclude=3Dtraceroute
> action=3Dfixall
> inform=3Dtrue
>
> This is pretty much what I'm after, but strictly speaking I don't really
> mind if the uucp-related programs are SUID and owned by the "uucp" user.
>
> Is there a way to catch only the root-owned SUID programs? I can live
> with it this way, but would like to know if I'm missing something.
>
> TIA
> --=20
> Nate Campi http://www.campin.net=20
>
> "Trying to outsmart a compiler defeats much of the purpose of using
> one." - Kernighan & Plauger, The Elements of Programming Style.=20
>
>
> --OZkY3AIuv2LYvjdk
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE9+rXfWpDEZMF673kRAqOOAJwLx88UcYSLH/ak/Rjgyyjnp96h/ACfS2ed
> Q5mWFY0fOr1OFRfGQttmjJI=
> =MeMR
> -----END PGP SIGNATURE-----
>
> --OZkY3AIuv2LYvjdk--
>
>
>
> --===============19183655806446409==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
>
> --===============19183655806446409==--
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: modify root-owned SUID files?,
Mark Burgess <=