Re: who

From: Alan Cox (alanat_private)
Date: Wed Jul 29 1998 - 13:30:48 PDT

    > An admin may want to use sgid/suid to prevent users from directly reading
    > utmp/wtmp. I think it's a good idea, not allowing everyone to read files
    > they don't need to read.
    >
    > But that group shouldn't be a general group for
    > all kinds of these special permission handlings,
    > cause via for example 'who' you can gain access to this group.
    >
    > I don't know if any distribution defaults to setting any group permissions
    > but many sysadmins I know do so.
    
    If you setuid arbitrary programs without reviewing them you get hurt.  That's
    to say arbitrary programs should not be properly behaved and not do stupid
    things based on third party actions. They can't however protect people
    from a sysadmin who put 's' bits where he likes without checking the code.
    
    Alan
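
An added example, not part of the original message or of any distribution's tooling: a Python audit of the concern in the quoted text, that a group reachable through a setgid binary such as `who` should protect only utmp/wtmp and nothing else. The gid 43, the sample paths and modes, and the `INTENDED` allow-list are constructed assumptions.

```python
import os
import stat
from collections import defaultdict

def scan(root):
    """Yield (path, mode, gid) for regular files under root (symlinks not followed)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISREG(st.st_mode):
                yield path, st.st_mode, st.st_gid

def sgid_exposure(entries, intended):
    """Report files a setgid group can reach beyond what it is meant to protect.

    entries:  iterable of (path, mode, gid), e.g. from scan("/")
    intended: {gid: set of paths that group exists to protect}
    Returns {gid: {"via": [setgid binaries], "extra": [unexpected files]}}.
    """
    entries = list(entries)
    binaries = defaultdict(list)
    for path, mode, gid in entries:
        # setgid without group-execute is not an executable grant of the group
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            binaries[gid].append(path)
    report = {}
    for path, mode, gid in entries:
        if gid not in binaries or path in binaries[gid]:
            continue
        group_bits, other_bits = (mode >> 3) & 0o7, mode & 0o7
        # Only files where the group gets more than "other" are a real gain
        if group_bits & ~other_bits and path not in intended.get(gid, ()):
            slot = report.setdefault(gid, {"via": sorted(binaries[gid]), "extra": []})
            slot["extra"].append(path)
    return report

# Constructed sample: gid 43 stands in for a utmp group that was reused elsewhere.
SAMPLE = [
    ("/usr/bin/who", 0o102755, 43),
    ("/var/run/utmp", 0o100640, 43),
    ("/var/log/wtmp", 0o100640, 43),
    ("/var/spool/example/queue.db", 0o100660, 43),  # the "general group" mistake
    ("/etc/motd", 0o100644, 0),
]
INTENDED = {43: {"/var/run/utmp", "/var/log/wtmp"}}

if __name__ == "__main__":
    print(sgid_exposure(SAMPLE, INTENDED))
```

On a live system, pass `scan("/")` as `entries` and build `INTENDED` from the files each setgid group is supposed to guard.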
    


