Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!caip!elbereth!rutgers!husc6!seismo!munnari!moncskermit!goanna!yabbie!rcodi
From: rcodi@yabbie.rmit.oz (Ian Donaldson)
Newsgroups: net.unix-wizards
Subject: Re: Which commands (in /bin & /usr/bin) must have set user ID (for root)
Message-ID: <350@yabbie.rmit.oz>
Date: Sun, 19-Oct-86 17:13:17 EDT
Article-I.D.: yabbie.350
Posted: Sun Oct 19 17:13:17 1986
Date-Received: Tue, 21-Oct-86 07:05:52 EDT
References: <115@tijc02.UUCP> <735@hropus.UUCP>
Organization: RMIT Comm & Elec Eng, Melbourne, Australia.
Lines: 53
Summary: another alternative

If you carefully set the permissions and owner/groups of "privileged" files and devices you can remove the need for lots of programs to have "setuid root" permission.

For example, "df", "quot" need only access filesystems, so it makes sense to group all your "disk" devices by an owner "disks". Thus, you make "df" and "quot" setuid "disks".

Since "ps", "w", "pstat", "gcore" all access /dev/kmem, it also makes sense for /dev/kmem to be grouped by "mem", and the set-gid mem permission placed on the programs.

A few examples follow:

    -rws--x--x  1 disks    bin         13512 Jun 11  1985 df
    -rwx--s--x  1 bin      mem         21688 Jun 15 19:38 ps
    -rwx--s--x  1 bin      mem         12028 Jun 15 19:59 gcore
    -rwx--s--x  1 bin      mem         20588 Jun 10 01:08 pstat
    -rws--x--x  1 disks    bin         16328 Jul 16  1985 quot
    -rwx--s--x  2 bin      mem         17124 Jun 15 19:38 uptime
    -rwx--s--x  2 bin      mem         17124 Jun 15 19:38 w

Some of my /dev/ follows:

    brw-rw-r--  1 disks    floppy     0,   0 Aug 24 22:08 flp0d
    brw-r-----  1 disks    winnie     1,   0 Jun 26 01:34 imi0a
    crw-r-----  1 bin      mem        2,   1 Oct 12 21:43 kmem
    crw-r-----  1 bin      mem        2,   0 Jun 26 01:33 mem
    crw-rw-r--  1 root     magtape   10,  16 Jun 26 01:34 nrmt0l
    crw-rw-r--  1 root     magtape   10,  24 Jun 26 01:34 nrmt0p
    crw-r-----  1 disks    winnie     4,  18 Aug 16 15:30 rimi1c
    crw-rw-r--  1 root     magtape   10,   8 Jun 26 01:34 rmt0p
    crw-r-----  1 disks    winnie    11,   0 Jun 26 01:35 rst0a
    brw-r-----  1 disks    winnie     5,   0 Jun 26 01:35 st0a
    brw-r-----  1 bin      mem        5,   2 Jul 14 21:36 swap

For the benefit of those who can't handle cryptic crosswords, "st" and "imi" are winchester disks, "flp" is a floppy disk, "mt" is a mag-tape, the rest should be universal.

This way other benefits are provided: you can list in /etc/group those users that are allowed access to the floppy and magtape etc, without having to tell them what the root password is, or make the device publicly read/writeable. By changing mode 640 to 660 on other devices you can grant winchester access as well (not advised).

This convention has been in use on our systems for months now and I am confident it is reasonably free of side-effects.

Ian Donaldson
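
An added example, not part of the original post: a Python check that reads `ls -l` text and reports which devices each set-id program's added uid or gid can open, and which devices are open to every user. The df, ps, imi0a and kmem lines are copied from the post; oldps and scratch0 are constructed entries, and all function names are this example's own.

```python
# Added example: audit `ls -l` text against the set-id convention in the post.
PROGRAMS = """\
-rws--x--x 1 disks bin 13512 Jun 11 1985 df
-rwx--s--x 1 bin mem 21688 Jun 15 19:38 ps
-rwsr-xr-x 1 root bin 20000 Jan 1 1986 oldps
"""  # df and ps are from the post; oldps is a constructed setuid-root entry
DEVICES = """\
brw-r----- 1 disks winnie 1, 0 Jun 26 01:34 imi0a
crw-r----- 1 bin mem 2, 1 Oct 12 21:43 kmem
crw-rw-rw- 1 root sys 9, 0 Jan 1 1986 scratch0
"""  # imi0a and kmem are from the post; scratch0 is constructed

def parse(listing):
    """Return (mode, owner, group, name) tuples from `ls -l` lines."""
    rows = [line.split() for line in listing.splitlines()]
    return [(f[0], f[2], f[3], f[-1]) for f in rows if len(f) >= 9]

def identity(mode, owner, group):
    """Identity the set-id bits add: 'uid' if setuid, 'gid' if setgid."""
    bits = (("uid", 3, owner), ("gid", 6, group))
    return {key: who for key, i, who in bits if mode[i] in "sS"}

def gained(ident, dev):
    """rwx triplet obtained on dev through the set-id identity ('---' if none)."""
    mode, owner, group, _ = dev
    if ident.get("uid") == "root":
        return "rw-"  # root bypasses the mode bits entirely
    if ident.get("uid") == owner:
        return mode[1:4]
    if ident.get("gid") == group:
        return mode[4:7]
    return "---"  # only the "other" bits apply, same as for any user

def audit(programs, devices):
    """Map each set-id program to the devices its added identity can open."""
    devs = parse(devices)
    report = {}
    for mode, owner, group, name in parse(programs):
        ident = identity(mode, owner, group)
        if ident:
            report[name] = sorted(d[3] for d in devs if gained(ident, d) != "---")
    return report

def world_open(devices):
    """Devices any user can read or write, with no group membership needed."""
    return [d[3] for d in parse(devices) if d[0][7:9] != "--"]
```

Running `audit(PROGRAMS, DEVICES)` shows df reaching only the disk device and ps only kmem, while the setuid-root oldps reaches every device listed.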