cannot run suid

Bryan Breen Bryan.C.Breen.1 at gsfc.nasa.gov
Thu Oct 24 17:57:26 PDT 2002


At 15:45 10/24/02 -0500, you wrote:
>Fauzie Wiriadisastra wrote:
>
>> -rwxr-xr-x    1 root     root        14436 Oct 22 22:32 /bin/su*
>
>If only you had posted this in the begining!
>As root do "chmod 4755 /bin/su"

You could also remove the read and execute permissions from the "other"
category of the file (4750 in the above example). Then make a new group of
something like "wheel" or "admin" (two of the more common choices) and
change the group of su to this new group. After that, just add to the
additional group only the users you explicitly want to have access to the
su command. That adds another layer of protection beyond the /etc/suauth
file. One more small step towards simple security. But don't worry about
that until you are sure the above suggestion fixes your problem (which it
should).

- B
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-support' in the subject header of the message



More information about the lfs-support mailing list