Re: Debian for kids

To: Joseph Carter <knghtbrd@debian.org>
Cc: Alex Dukat <dukat@cis.ohio-state.edu>, Ethan Benson <erbenson@alaska.net>, Debian Development <debian-devel@lists.debian.org>
Subject: Re: Debian for kids
From: Ethan Benson <erbenson@alaska.net>
Date: Thu, 3 Feb 2000 00:54:40 -0900
Message-id: <20000203005440.B480@plato.localdomain.local>
In-reply-to: <20000203011632.B18185@debian.org>; from knghtbrd@debian.org on Thu, Feb 03, 2000 at 01:16:32AM -0800
References: <20000202050548.F18422@plato.localdomain.local> <Pine.SOL.4.10.10002022342260.18005-100000@beta.cis.ohio-state.edu> <20000203011632.B18185@debian.org>

On Thu, Feb 03, 2000 at 01:16:32AM -0800, Joseph Carter wrote:
> On Wed, Feb 02, 2000 at 11:44:30PM -0500, Alex Dukat wrote:
> > > to the begining /etc/pam.d/passwd, and add any users who can't seem to
> > > use passwd command right to /etc/deny.passwd (or whatever).  multiuser
> > > compatible!
> > 
> > As a start to kid proofing a machine, one could remove world permissions
> > on all potentially dangerous commands, passwd, chmod, chown, etc.  Then
> > use sudo to return permission to those who are responsible.
> 
> Uh.
> 
> chgrp protected passwd
> chmod 750 passwd
> adduser someone protected

and edit /etc/suid.conf otherwise it will unchgrp unchmod passwd..

which is why i would prefer the PAM method for this one.. the others
are not suid so would not be a problem.  (though changing permissions
on things like chmod is easily bypassed.)

-- 
Ethan Benson

Reply to:

References:
- Re: Debian for kids
  - From: Ethan Benson <erbenson@alaska.net>
- Re: Debian for kids
  - From: Alex Dukat <dukat@cis.ohio-state.edu>
- Re: Debian for kids
  - From: Joseph Carter <knghtbrd@debian.org>

Prev by Date: Re: [POSSIBLE GRAVE SECURITY HOLD]
Next by Date: Re: [POSSIBLE GRAVE SECURITY HOLD]
Previous by thread: Re: Debian for kids
Next by thread: Re: Debian for kids
Index(es):
- Date
- Thread