From owner-freebsd-questions@FreeBSD.ORG Thu Jul 3 13:47:33 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE29437B401 for ; Thu, 3 Jul 2003 13:47:33 -0700 (PDT) Received: from foem.leiden.webweaving.org (fia224-72.dsl.hccnet.nl [62.251.72.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0BCE143F93 for ; Thu, 3 Jul 2003 13:47:28 -0700 (PDT) (envelope-from dirkx@webweaving.org) Received: from foem (foem [10.11.0.2])h63KlQen006725 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 3 Jul 2003 22:47:26 +0200 (CEST) (envelope-from dirkx@webweaving.org) Date: Thu, 3 Jul 2003 22:47:26 +0200 (CEST) From: Dirk-Willem van Gulik X-X-Sender: dirkx@foem To: Nucking Futs In-Reply-To: Message-ID: <20030703224447.P47890-100000@foem> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-questions@freebsd.org Subject: Re: Disable PING command X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2003 20:47:34 -0000 On Thu, 3 Jul 2003, Nucking Futs wrote: > How would I go about disabling users command to ping? If need be I would be > willing to just disable the ping command altogether as a last resort. Well - anyone could compile a fresh version; or copy a version from another machine into his home dir or /tmp; but if you ignore that type of level of ability in your user a small obstacle would be: # ls -l /sbin/ping -r-sr-xr-x 1 root wheel 421060 Apr 28 15:49 /sbin/ping # chmod a-rx /sbin/ping which makes it executable only to the owner and those member of wheel. Which users generally are not. But ping is not exactly a dangerous command - so why worry about it ? Dw