passwd
Hi all,

I'm building a system (FreeBSD 4.7) upon which I wish the majority of users to only have extremely limited access (i.e. to be able to telnet elsewhere).

One of the things I've done is to chmod o-rwx most everything in /bin/ /sbin/ /usr/bin/ /usr/sbin/ and /usr/libexec/

The only commands that users can access now are passwd and telnet, as I've changed permissions to give them r-x access to these commands, and also to /usr/libexec/ld.elf*

The problem I have at present is that users can telnet, but they cannot issue the passwd command without getting:

passwd: permission denied

Does anyone know what other commands passwd may be trying to execute, or of any way I can 'trace' the program to see what it's trying to do (I've KTRACE switched OFF in the kernel and have no intention of switching it on)?

thanks in advance,
Mark Redding.

Mark W J Redding

Yahoo! Plus - For a better Internet experience
http://uk.promotions.yahoo.com/yplus/yoffer.html

[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: passwd
#snip#
passwd needs to run setuid root, so it can write the new password to /etc/master.passwd:

[homer: danielby: ~]$ ls -l `which passwd`
-r-sr-xr-x 2 root wheel 32824 19 May 11:04 /usr/bin/passwd*

You need to re-enable the setuid bit.
#end-snip#

That's not it, I'm afraid. The setuid bit was set anyway, and anyway, users who are members of the wheel group can execute the passwd command without trouble (I've only switched off 'other' access). :-(

Mark W J Redding
RE: passwd
Quick update for all who were good enough to reply.

My problem is now solved... for any others wishing to secure their servers in such a fashion, here is what it was:

1. /usr/bin/yppasswd needs to be other executable.
2. Even with the above done, if I log in as one user, then su to root and then su to the poor old non-privileged user, it gives the error. Log in directly (via ssh/telnet/console) with the above change and it works.

sigh!!!

Once again, thanks for the help and advice.

Mark W J Redding
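An added example, not part of the thread or of FreeBSD: a POSIX sh check that lists which of the binaries named above, or a directory on the way to them, lack the 'other' bits an unprivileged user needs. The function names are made up here, and the check looks at mode bits only.

```shell
#!/bin/sh
# Added example (not from the thread). Judges by mode bits only; it does not
# consider ACLs, file flags, or group membership.

# Print the "other" permission triplet of a path, e.g. "r-x" or "---".
other_bits() {
    # The mode string is the first field of ls -ld; characters 8-10 are "other".
    ls -ld -- "$1" | cut -c8-10
}

# For each path given, print a DENY line for every ancestor directory that
# other cannot search, and for the file itself if other lacks r-x (the access
# the poster granted on passwd and telnet).
audit_other() {
    for target in "$@"; do
        if [ ! -e "$target" ]; then
            echo "MISSING $target"
            continue
        fi
        dir=$(dirname -- "$target")
        while :; do
            case $(other_bits "$dir") in
                ??x|??t) ;;                   # searchable (t = sticky plus x)
                *) echo "DENY dir $dir $(other_bits "$dir")" ;;
            esac
            case $dir in /|.) break ;; esac
            dir=$(dirname -- "$dir")
        done
        case $(other_bits "$target") in
            r?x|r?t) ;;                       # other may read and execute
            *) echo "DENY file $target $(other_bits "$target")" ;;
        esac
    done
}

# Paths named in the thread; the ld.elf* glob is the poster's own wording.
# Only runs when the script is called with the argument "run".
if [ "${1:-}" = "run" ]; then
    audit_other /usr/bin/passwd /usr/bin/yppasswd /usr/bin/telnet /usr/libexec/ld.elf*
fi
```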
4.8 install
Hi,

Has anyone else reported problems when trying to install the 4.8-RELEASE version booting from floppy disks and then installing via passive ftp?

I tried it a number of times yesterday; each time the install returned 'write errors' soon into the bin extract, and when I checked using 'df' on the emergency shell, it had filled up the small memory disk rather than writing to the real disks mounted under /mnt/...

I've now back-tracked and installed 4.7-RELEASE using the same mechanisms on the same two machines and they work without any problems (as ever).

regards,
Mark Redding.