Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restricting Usage of Setuid Programs to the Admin User In MacOsx
Top Forums UNIX for Dummies Questions & Answers Restricting Usage of Setuid Programs to the Admin User In MacOsx Post 302623815 by neutronscott on Saturday 14th of April 2012 05:22:33 PM
Old 04-14-2012
Quote:
Originally Posted by Vera
$ sudo chmod +a# 0 “group:admin allow execute” <program name>
Seems to be a bash issue... try more quotes

Code:
sudo chmod '+a#' 0 'group:admin allow execute' <program name>

 

10 More Discussions You Might Find Interesting

1. OS X (Apple)

Root user in MacOSX

Hello, Do you guys know how does the root user works in this system? from the terminal i try to su to root, and i thought the password was the same as the macosx password, at the /etc/passwd file the passwd field appears as *, so it's system bussines only, is there a way to become root? i... (6 Replies)
Discussion started by: sx3v1l_1n51de
6 Replies

2. UNIX for Advanced & Expert Users

ping/traceroute setuid programs

This may be a dumb question, but I've been wondering why programs such as ping and traceroute must be setuid? Are there some restrictions which prevent normal users from accessing the world via sockets? $ pwd /bin $ ls -l ping traceroute -rwsr-xr-x 1 root root 35616 Apr 7 2005 ping... (1 Reply)
Discussion started by: nathan
1 Replies

3. Shell Programming and Scripting

restricting user input as required

Hi, I want the user to enter only numeric values and also he should only enter 2 digits only ( eg 23 or 23 or 03 any 2 digits) For the above purpose how should i declare my variable ? integer value if I read 03 in variable value then it gives me error ...also user can enter n number... (4 Replies)
Discussion started by: dhananjayk
4 Replies

4. UNIX for Dummies Questions & Answers

Unix/Solaris admin programs

Hi, Im working for a company that has over 400+ unix/solaris boxes. Obviously when we get a new unix guy join the company, its take us AGES to set them up on all these boxes. Can people recommend any programs/packages that can be added to our unix/solaris boxes to make this easier? ... (2 Replies)
Discussion started by: JamieP
2 Replies

5. UNIX for Dummies Questions & Answers

Restricting SSH usage

Hello, For one of our servers, we have had people trying to illegally loggon using the ssh service. My manager has asked me to restrict ssh access to users in our internal network but close ssh access to the "outside" world. Could someone at the very least point me to some resources on the... (7 Replies)
Discussion started by: mojoman
7 Replies

6. Solaris

pkgadd and setuid in admin file

Hi I am trying to automate the install of a package, I realise that I need to create an admin file, but as part of the install I am asked if I want to install these as setuid/setgid files, I want to say yes. What value am I supposed to use for setuid= in the admin file Thanks (1 Reply)
Discussion started by: eeisken
1 Replies

7. Shell Programming and Scripting

Admin user command usage restrictions

Hi, I need to work on restricting the Linux commands to the ADMIN user to some extent. It means for example, Admin users should not use passwd command to change the password of "root" or other important accounts like oracle, etc., So, I want to know which commands should be restricted upto which... (5 Replies)
Discussion started by: Dpu
5 Replies

8. UNIX for Dummies Questions & Answers

Difference between inbuilt suid programs and user defined root suid programs under bash shell?

Hey guys, Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries. However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by... (2 Replies)
Discussion started by: syncmaster
2 Replies

9. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

10. Shell Programming and Scripting

Setuid usage

I'm trying - as an ordinary user - to create a file in the root directory of my system. For that purpose I wrote a simple script that echoes a string into a file. I made the file executable, used sudo to change ownership to root. Like this: $ cat hello #!/bin/bash echo hello > /hello $... (5 Replies)
Discussion started by: Ralph
5 Replies

LEARN ABOUT FREEBSD

audit

AUDIT(8)						    BSD System Manager's Manual 						  AUDIT(8)

NAME

     audit -- audit management utility

SYNOPSIS

     audit -e | -i | -n | -s | -t

DESCRIPTION

     The audit utility controls the state of the audit system.	One of the following flags is required as an argument to audit:

     -e      Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file
	     without doing a log rotation.

     -i      Initializes and starts auditing.  This option is currently for Mac OS X only and requires auditd(8) to be configured to run under
	     launchd(8).

     -n      Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit con-
	     trol file.  Also, audit log files that meet the expiration criteria specified in the audit control file will be removed.

     -s      Specifies that the audit system should [re]synchronize its configuration from the audit control file.  A new log file will be cre-
	     ated.

     -t      Specifies that the audit system should terminate.	Log files are closed and renamed to indicate the time of the shutdown.

NOTES

     The auditd(8) daemon must already be running.  Optionally, it can be configured to be started on-demand by launchd(8) (Mac OS X only).  The
     audit utility requires audit administrator privileges for successful operation.

FILES

     /etc/security/audit_control  Audit policy file used to configure the auditing system.

SEE ALSO

     audit(4), audit_control(5), auditd(8), launchd(8)

HISTORY

     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
     2004.  It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS

     This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.  Addi-
     tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BSD
								 January 29, 2009							       BSD
All times are GMT -4. The time now is 10:01 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy