I am very new to FreeBSD, so I know there is a simple answer to this:

I have installed FreeBSD 4.8 Stable on a machine. The installation always
runs like silk.  I then begin locking down some of the machine's conf files,
shut down unecessary daemons, etc.  This includes setting permissions on
unused suid/sgid binaries to 000.  This process always works fine, and even
after reboot, the binaries I have reduced permissions on stay reduced.

At some point in this process however, I get to cvsup, buildworld, and
installworld.  This process re-enables the old permissions on the files I so
diligently locked down.  I would expect there is a flag or include/exclude
file somewhere I need to lookup to prevent cvsup from doing this in the
first place, but like I said, I'm new.

The problem I need help with though, is the fact that I cannot chmod 000
certain binaries after this process (for example: /usr/bin/rsh,
/usr/bin/yppasswd, /usr/bin/ypchfn, etc.).  The following occurs:

# chmod 000 /usr/bin/rsh
chmod: /usr/bin/rsh: Operation not permitted

A listing of the file:

# ll /usr/bin/rsh
-r-sr-xr-x 1 root wheel 7980 Oct 26 07:36 /usr/bin/rsh

I am logged in as root on the console.  My cvs-supfile is very basic:

*default host=cvsup8.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default compress
src-all tag=RELENG_4_8
ports-all tag=.

What changes during installworld that prevents me from shutting these down

If anyone needs more information, just let me know what you're looking for.


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to