Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 25 Dec 2006 23:20:09 -0300
From:      Agus <>
To:        "Armin Arh" <>
Cc:        freebsd-questions <>
Subject:   Re: remove suid files question....
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Of course u can get an account......when i get the system connected and problemm....

the web will be; i'm still testing localy....when i
start testing access with friends and
people i know, i'll create an account for u, to test the system....

thanxs.....Happy Holidays....

2006/12/23, Armin Arh <>:
> On Sat, Dec 23, 2006 at 05:41:29PM -0300, Agus wrote:
> > Hi all.....i installed a freebsd 6 and i am going to use it as a server
> with
> > apache, ssh, ftp and other is going to be of free
> access....u
> > register in my page your account (free) and i create an account for u in
> the
> > i am trying to make it secure.....which setuid files should
> i
> > take the setuid bit off???
> Sounds interesting. Can i get an account? :)
> btw: do you care for a real email address? (see below)
> Giving the users shell access without a chroot environment is a potential
> danger, possible though.
> A plain BSD installation has several suid- bits set like for the 'passwd'
> program, 'su' and other. These can't be used to corrupt the system, so you
> should be safe.
> Nevertheless, special care has to be taken for all third party software,
> e.g. via the ports system.
> On my box i can't afford giving users shell access, because cpu cycles
> are a rare resource (OSes can be even freeze with naughty users).
> And then i have no expirience about enforcing resource limits...
> Another important point is:
> You may trust your users, but unauthorized access (someone else logs in)
> can arise if they do something wrong. Restricting them to cryptgraphically
> authenticated entrance is a good countermeasure.
> Armin
> --
> PUBBOX Postmaster + spam-killer. Free email addresses at

Want to link to this message? Use this URL: <>