Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!umd5!brl-adm!adm!rbj@icst-cmr.arpa
From: rbj@icst-cmr.arpa (Root Boy Jim)
Newsgroups: comp.unix.wizards
Subject: Doing the unexpected
Message-ID: <15032@brl-adm.ARPA>
Date: 28 May 88 02:38:10 GMT
Sender: news@brl-adm.ARPA
Lines: 45

   Date: Wed, 25 May 88 22:46:48 CDT
   From: Operator

   Tonight, one of my users executed the /etc/rc script twice. This had
   the not-very-amusing effect of causing multiple copies of some daemons
   such as sendmail to be running. I have noticed before that users can
   execute the administrative daemons and the user-started daemon will
   displace the system-started daemon from the distinguished port that
   that particular daemon listens to. When this happens, all manner of
   "not-very-amusing" things happen due to protection problems.

   Is there a solution to this problem? I believe that there are files
   in the /etc directory that are expected to be readable with normal
   user permissions so I don't think I can simply deny access to the
   directory. I can't think of any way to prevent users from starting
   sendmail as a daemon without denying ALL execution access to sendmail.
   I suppose I could make /etc/rc unreadable but this seems to ignore the
   real problem.

As you said above, you can't deny access to the entire directory,
because there are files that must be world readable. You can turn off
the world execute bit on commands you don't want l'users to run tho.

   Any suggestions on how to prevent a user daemon from displacing a
   system daemon in general?

This is really up to the daemon. In many cases it is not setuid root,
so it should die when it attempts to do something privileged. In other
cases, the daemon should protect against multiple invocations by the
masses, but this is not much consolation if it doesn't.

The idea of wrapper programs is a good one if you really need this
kind of protection. Perhaps the wrapper would be setgid to some group
and the real daemon executable only by this group. The wrapper would
validate access and invoke the real program if everything is okay and
it wasn't previously running. Optionally, you could kill the old daemon
to provide a restart capability.

Just what daemons gave you problems?

	(Root Boy) Jim Cottrell
	National Bureau of Standards
	Flamer's Hotline: (301) 975-5688
	The opinions expressed are solely my own
	and do not reflect NBS policy or agreement
	My name is in /usr/dict/words. Is yours?
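
Added example, not part of the original post and not code from its author: a C sketch of the wrapper idea described above (validate the caller, refuse to start a second instance, then exec the real daemon). The paths, the allowed-uid list and the use of flock() for the "already running" check are assumptions made for illustration.

```c
/* Added example: install setgid to the only group allowed to exec the daemon. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/types.h>
#include <unistd.h>

#define REAL_DAEMON "/usr/libexec/real-daemon"   /* hypothetical path */
#define LOCK_FILE   "/var/run/real-daemon.lock"  /* hypothetical path; the
                       directory must not be writable by ordinary users */

/* Validate access: only real uids on the list may start the daemon. */
int caller_allowed(uid_t uid, const uid_t *allowed, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (allowed[i] == uid)
            return 1;
    return 0;
}

/* Take an exclusive, non-blocking lock. Returns the fd, or -1 if another
 * instance holds it. The fd is deliberately not close-on-exec: the daemon
 * inherits it, and the kernel drops the lock when the last holder exits. */
int acquire_instance_lock(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0640);
    if (fd >= 0 && flock(fd, LOCK_EX | LOCK_NB) != 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

int main(void)
{
    static const uid_t allowed[] = { 0 };        /* assumption: root only */
    char *const argv[] = { REAL_DAEMON, NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };  /* scrubbed env */
    if (!caller_allowed(getuid(), allowed, sizeof allowed / sizeof *allowed)) {
        fprintf(stderr, "wrapper: permission denied\n");
        return 1;
    }
    if (acquire_instance_lock(LOCK_FILE) < 0) {
        fprintf(stderr, "wrapper: already running or lock unavailable\n");
        return 1;
    }
    execve(REAL_DAEMON, argv, envp);             /* returns only on failure */
    perror("wrapper: execve");
    return 1;
}
```

Because the lock lives on the inherited descriptor rather than in a pid file, a crashed daemon leaves no stale state that would block the next start.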