Path: utzoo!attcan!sobmips!uunet!lll-winken!sun-barr!cs.utexas.edu!samsung!aplcen!haven!umd5!feldman From: feldman@umd5.umd.edu (Mark Feldman) Newsgroups: comp.sys.next Subject: Re: How do I disable time and date setting from Preferences? Message-ID: <5629@umd5.umd.edu> Date: 16 Nov 89 15:31:18 GMT References: <127@toaster.SFSU.EDU> Reply-To: feldman@umd5.umd.edu (Mark Feldman) Organization: University of Maryland, College Park Lines: 50 In article <127@toaster.SFSU.EDU> eps@cs.SFSU.EDU (Eric P. Scott) writes: >"Note that if your computer is on a network, its internal clock >might be managed by a system administrator, in which case the >Set button is dimmed." -- p.332 in the Useless Reference Manual > >This is the only documented indication I could find that it's >even possible to prevent malicious or curious users from screwing >up the date and time. Does Preferences look for a running ntpd >and/or timed? Can I safely strip it of its set-uid bit? Will >this break password changing? > -=EPS=- Preferences doesn't look for anything. Stripping the setuid bit will do what you want without any harmful side effects. I have been running Preferences this way on all of my NeXTs for quite some time. Password changing in Preferences is unaffected. This is probably due to the fact that NetInfo is used when you change your password with Preferences, and since /etc/passwd is not being modified, you don't have to be root. There are several other stuid bits that you might want to strip: /NextApps/BuildDisk -- leaving it setuid is just asking for trouble. It does no security/authorization checks whatsoever, and will destroy the boot device at any user's request. In many (most?) situations, there is no need to leave this program on the system unless you are into building flopticals or like to keep a complete distribution on your cubes. /NextApps/Printmanager -- do you really want users reconfiguring or removing your print queues? A naive user can easily do this by accident. All of the programs in /NextAdmin -- While these programs perform a security check, asking for the root password before allowing you to run the program or make changes (depending on the program), they do not check to see if you are in the wheel group. If you have opted for the default, secure su, where you must be in the wheel group before su'ing root, then leaving these programs setuid removes that added wheel group security. When we first saw that you could change A time in Preferences, we wondered what time was being changed. After all, no one would let any user change THE time, would they?-( Mark