dan at slightlystrange.org
Fri Jun 6 05:33:13 PDT 2003
On Fri, Jun 06, 2003 at 01:26:44PM +0100, Mark Redding wrote:
> Hi all,
> I'm building a system (FreeBSD 4.7) which upon which I
> wish the majority of users to only have extremely
> limited access to (ie. to be able to telnet
> One of the things I've done is to "chmod o-rwx" most
> everything in /bin/ /sbin/ /usr/bin/ /usr/sbin/ and
> The only commands that users can access now are
> "passwd" and "telnet" as I've changed permissions to
> give them "r-x" access to these commands, and also to
> The problem I have at present is that users can
> telnet, but they cannot issue the passwd command
> without getting :-
> passwd: permission denied
> Does anyone know what other commands passwd may be
> trying to execute, or of any way I can 'trace' the
> program to see what it's trying to do (I've KTRACE
> switched OFF in the kernel and have no intention of
> switching it on).
passwd needs to run setuid root, so it can write the new password to
[homer: danielby: ~]$ ls -l `which passwd`
-r-sr-xr-x 2 root wheel 32824 19 May 11:04 /usr/bin/passwd*
You need to re-enable the setuid bit.
While a lot more work, you might want to look at jail(8) - you can then
provide only those programs you want your users to have access to, while
leaving the base system a bit more sane. It takes a bit of tinkering, but
works reasonably well.
> thanks in advance,
> Mark Redding.
> Mark W J Redding
> Yahoo! Plus - For a better Internet experience
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
ASCII ribbon campaign ( )
- against HTML, vCards and X
- proprietary attachments in e-mail / \
More information about the freebsd-questions