Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!columbia!rutgers!sri-spam!sri-unix!hplabs!felix!trwrb!desint!geoff
From: geoff@desint.UUCP (Geoff Kuenning)
Newsgroups: net.unix-wizards
Subject: Re: Which commands (in /bin & /usr/bin) must have set user ID (for root)
Message-ID: <268@desint.UUCP>
Date: Wed, 22-Oct-86 02:36:10 EDT
Article-I.D.: desint.268
Posted: Wed Oct 22 02:36:10 1986
Date-Received: Wed, 22-Oct-86 23:25:11 EDT
References: <115@tijc02.UUCP> <735@hropus.UUCP>
Reply-To: geoff@desint.UUCP (Geoff Kuenning)
Organization: SAH Consulting, Manhattan Beach, CA
Lines: 17

In article <735@hropus.UUCP> jrw@hropus.UUCP (Jim Webb) writes:

> df needs to be able to read the superblock of the filesystem(s) to see how
> many blocks and inodes are free.  Unfortunately, the standard version allows
> it to open ANY device; it should restrict non-super-users to those devices
> found in /etc/mnttab (mounted filesystems)

However, this can be done by creating a special UID or GID for 'df' and
putting the appropriate devices in that user ID or group:

    -rwsr-xr-x   1 check    check      14356 Feb  2  1985 /bin/df
    brw-------   1 check    check      6, 11 Sep 24 09:53 /dev/w0a
    brw-------   1 check    check      6, 13 Feb  7  1985 /dev/w0b

-- 
	Geoff Kuenning
	{hplabs,ihnp4}!trwrb!desint!geoff
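
A check for the ownership scheme shown in the post above, as an added example that is not part of the original article: it reads an `ls -l` listing (binary first, then its device nodes) and reports where the layout falls back to set-user-ID root or leaves a device readable without going through df. The function name `check_df_scheme` is hypothetical, and the sample input is the listing from the post.

```shell
#!/bin/sh
# Added example (not from the original post): verify an `ls -l` listing
# against the dedicated-owner scheme. Line 1 is the set-user-ID binary,
# the remaining lines are the device nodes it has to read.
check_df_scheme() {
    awk '
    function fail(msg) { print "FAIL " msg; bad = 1 }
    NR == 1 {
        bin = $NF; owner = $3
        # Character 4 of the mode string is "s" for set-user-ID plus execute.
        if (substr($1, 4, 1) != "s") fail(bin ": not set-user-ID")
        # The point of the scheme is that the binary does not run as root.
        if (owner == "root")         fail(bin ": set-user-ID root")
        next
    }
    $1 ~ /^[bc]/ {
        # The node must belong to the binary owner, or df cannot open it.
        if ($3 != owner) fail($NF ": owner " $3 " is not " owner)
        # Any group/other bit lets users bypass df and read the raw device.
        if (substr($1, 5, 6) != "------")
            fail($NF ": mode " $1 " grants group/other access")
    }
    END { if (!bad) print "OK"; exit (bad ? 1 : 0) }
    '
}

# Sample run on the listing from the post.
check_df_scheme <<'EOF'
-rwsr-xr-x   1 check    check      14356 Feb  2  1985 /bin/df
brw-------   1 check    check      6, 11 Sep 24 09:53 /dev/w0a
brw-------   1 check    check      6, 13 Feb  7  1985 /dev/w0b
EOF
```

On a live system the same function can be fed `ls -l /bin/df /dev/w0a /dev/w0b`; it returns non-zero when any line fails.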