Date: Fri, 06 Aug 1999 09:03:05 +0100 From: Brian Somers <brian@FreeBSD.org.uk> To: alk@pobox.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: group bits Message-ID: <199908060803.JAA00845@keep.lan.Awfulhak.org> In-Reply-To: Your message of "Thu, 05 Aug 1999 16:34:05 CDT." <14249.52685.50332.808817@avalon.east>
next in thread | previous in thread | raw e-mail | index | archive | help
>
> I'd like to obtain a consensus guideline on an an issue which is
> treated inconsistently in FreeBSD's user space: Is it true, as I
> believe, that group rwx bits are the principal correct and appropriate
> mechanism to allow a specific group of users to control aspects of
> system administration which are protected from control by the body of
> users at large?
>
> My specific motivation is that everytime I cvsup, I have to patch
> sendmail and ppp to suppress their group-writable-config
> errors/warnings. If a clear consensus existed that these
> errors/warnings were spurious, then a PR might have a snowball's
> chance of remedying the situation. If not, then at least I could give
> up one wasted quixotic hope.
If you want to allow users to modify their own ppp configuration, you
should do this by including the line
!include ~/.ppp.conf
in ppp.conf. This means that users can modify their own profiles
without screwing around with other peoples.
ppp.conf should always be owned by root and mode 600, 400 or 0.
--
Brian <brian@Awfulhak.org> <brian@FreeBSD.org>
<http://www.Awfulhak.org>; <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@FreeBSD.org.uk>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908060803.JAA00845>