Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!killer!ames!umd5!brl-adm!adm!vuse!root@uunet.uu.net
From: vuse!root@uunet.uu.net (Operator)
Newsgroups: comp.unix.wizards
Subject: Doing the unexpected
Message-ID: <14650@brl-adm.ARPA>
Date: 26 May 88 04:10:46 GMT
Sender: news@brl-adm.ARPA
Lines: 31

Tonight, one of my users executed the /etc/rc script twice. This had the
not-very-amusing effect of causing multiple copies of some daemons such
as sendmail to be running. I have noticed before that users can execute
the administrative daemons and the user-started daemon will displace the
system-started daemon from the distiguished port that that particular
daemon listens to. When this happens, all manner of "not-very-amusing"
things happen due to protection problems.

Is there a solution to this problem? I believe that there are files
in the /etc directory that are expected to to be readable with normal
user permissions so I don't think I can simply deny access to the
directory. I can't think of any way to prevent users from starting
sendmail as a daemon without denying ALL execution access to sendmail.
I suppose I could make /etc/rc unreadable but this seems to ignore the
real problem

Any suggestions on how to prevent a user daemon from displacing a
system daemon in general?

I am using a SUN3/160 running SunOS3.4.2 (until the 4.0 tape arrives).
I do not have source to SunOS or any version of BSD. I have the VAX
SVR2.2 source tapes from Alexander Graham and friends.


+= David Linn ==========================================================+
|  System Manager, Vanderbilt University School of Engineering
|INET:	drl@vuse.vanderbilt.edu [129.59.100.1]				|
|UUCP:	...!uunet!vuse!drl		CSNET:	drl@vanderbilt.csnet	|
|AT&T:	(615)322-7924			BITNET:	linndr@vuengvax		|
|USPS:	P.O. Box 1824, Vanderbilt University, Nashville, TN, USA, 37235	|
+======== "I can sing louder than you" - T. S. `Dr. Seuss' Geisel ======+