Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!caip!rutgers!seismo!mcvax!jack
From: jack@mcvax.uucp (Jack Jansen)
Newsgroups: net.unix-wizards
Subject: Re: Which commands (in /bin & /usr/bin) must have set user ID (for root)
Message-ID: <7113@boring.mcvax.UUCP>
Date: Mon, 20-Oct-86 16:27:23 EDT
Article-I.D.: boring.7113
Posted: Mon Oct 20 16:27:23 1986
Date-Received: Wed, 22-Oct-86 01:12:59 EDT
References: <115@tijc02.UUCP> <735@hropus.UUCP>
Reply-To: jack@boring.uucp (Jack Jansen)
Organization: AMOEBA project, CWI, Amsterdam
Lines: 14
Apparently-To: rnews@mcvax

Probably a *lot* of commands in /bin or /usr/bin don't need set-uid.
If you adopt a well-chosen group scheme, set-gid to a certain group
can be enough.

This is what is more-or-less done in BSD unix. For instance, /dev/kmem
is owned by the group 'kmem', and '/bin/ps' is setgid kmem. This can
easily be extended to programs like 'at', 'df', 'expreserve', etc.

The nice thing is that this is even possible if you don't have
a source license.......
-- 
	Jack Jansen, jack@mcvax.UUCP
	The shell is my oyster.
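
An added example, not part of the original post: a small audit that lists set-id files in /bin and /usr/bin and checks whether a program/resource pair follows the group scheme described above (resource readable by its group but not by others, program setgid to that same group and not setuid). The function names, the numeric group ID 2 and the 0640 device mode are assumptions made for illustration.

```python
import os
import stat

def classify(mode, uid):
    """Label a regular file's privilege bits; directories and devices yield None."""
    if not stat.S_ISREG(mode):
        return None  # setgid on a directory means group inheritance, not privilege
    if mode & stat.S_ISUID:
        return "setuid-root" if uid == 0 else "setuid"
    if mode & stat.S_ISGID:
        return "setgid"
    return None

def follows_group_scheme(res_mode, res_gid, prog_mode, prog_gid):
    """True when a program reaches a resource through its group alone."""
    group_only = bool(res_mode & stat.S_IRGRP) and not res_mode & stat.S_IROTH
    setgid_only = bool(prog_mode & stat.S_ISGID) and not prog_mode & stat.S_ISUID
    return group_only and setgid_only and res_gid == prog_gid

def audit(dirs=("/bin", "/usr/bin")):
    """List (kind, path, uid, gid) for every set-id regular file in dirs."""
    findings = []
    for d in dirs:
        try:
            names = sorted(os.listdir(d))
        except OSError:
            continue  # directory missing or unreadable
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            kind = classify(st.st_mode, st.st_uid)
            if kind:
                findings.append((kind, path, st.st_uid, st.st_gid))
    return findings

if __name__ == "__main__":
    # Constructed sample modelled on the post: device 0640 group 2, ps 2755 group 2.
    print(follows_group_scheme(stat.S_IFCHR | 0o640, 2, stat.S_IFREG | 0o2755, 2))
    for kind, path, uid, gid in audit():
        print(f"{kind:12} uid={uid} gid={gid} {path}")
```

Entries reported as `setuid-root` are the candidates for the setgid treatment; the pair check can be fed real values from `os.stat()` on the device and the program.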