I am very new to FreeBSD, so I know there is a simple answer to this:
I have installed FreeBSD 4.8 Stable on a machine. The installation always
runs like silk. I then begin locking down some of the machine's conf files,
shut down unecessary daemons, etc. This includes setting permissions on
unused suid/sgid binaries to 000. This process always works fine, and even
after reboot, the binaries I have reduced permissions on stay reduced.
At some point in this process however, I get to cvsup, buildworld, and
installworld. This process re-enables the old permissions on the files I so
diligently locked down. I would expect there is a flag or include/exclude
file somewhere I need to lookup to prevent cvsup from doing this in the
first place, but like I said, I'm new.
The problem I need help with though, is the fact that I cannot chmod 000
certain binaries after this process (for example: /usr/bin/rsh,
/usr/bin/yppasswd, /usr/bin/ypchfn, etc.). The following occurs:
# chmod 000 /usr/bin/rsh
chmod: /usr/bin/rsh: Operation not permitted
A listing of the file:
# ll /usr/bin/rsh
-r-sr-xr-x 1 root wheel 7980 Oct 26 07:36 /usr/bin/rsh
I am logged in as root on the console. My cvs-supfile is very basic:
What changes during installworld that prevents me from shutting these down
If anyone needs more information, just let me know what you're looking for.
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"