Xref: utzoo comp.bugs.4bsd:871 comp.bugs.misc:163 comp.bugs.sys5:496
Path: utzoo!utgpu!attcan!uunet!husc6!rutgers!att!chinet!les
From: les@chinet.chi.il.us (Leslie Mikesell)
Newsgroups: comp.bugs.4bsd,comp.bugs.misc,comp.bugs.sys5
Subject: Re: Hard Links between UNIX Utility Programs
Message-ID: <6106@chinet.chi.il.us>
Date: 27 Jul 88 19:04:32 GMT
References: <184@chip.UUCP> <185@chip.UUCP>
Reply-To: les@chinet.chi.il.us (Leslie Mikesell)
Organization: Chinet - Public Access Unix
Lines: 21

In article <185@chip.UUCP> mparker@chip.UUCP (M. D. Parker) writes:
>Programs no longer have HARD LINKs and can be protected individually.
>Complication here, if a user creates a SYMBOLIC LINK to the program as:
>
>	ln -s /usr/lib/sendmail mailq
>
>and then executes the program 'mailq', the effect is identical to running
>/usr/ucb/mailq prior to my making the copy.

But most programs have command line switches that override the program
name, and it is easy enough to pass a fake argv[0] to a program anyway.
To control things to the extent that you want, you either have to write
all the programs yourself or make the programs executable only by a
certain user or group ID. Then you can write a front-end program that
is set[ug]id that knows who is allowed to execute which programs with
which arguments. Several such programs have been posted to the net to
allow some users access to root without knowing the root password, but
they should work as well (and be safer) with some other special ID set
up for that purpose.

Les Mikesell
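
A sketch of the kind of set[ug]id front end the post describes, added here as an example; it is not code from the poster or from any of the programs posted to the net. The UIDs, the rule table and the function name `authorize` are assumptions made for illustration. The decision is keyed on the caller's real UID and the exact argument list, never on argv[0], and the target is run by absolute path with a fixed environment.

```c
/* Added example: policy check for a set[ug]id front end.
 * UIDs, rule table and names below are constructed for illustration. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct rule {
    uid_t uid;               /* real UID the rule applies to */
    const char *name;        /* short name the user asks for */
    const char *path;        /* absolute path the front end executes */
    const char *const *args; /* exact argument list, NULL-terminated */
};
static const char *const mailq_args[] = { "-bp", NULL };
static const char *const newaliases_args[] = { "-bi", NULL };
static const struct rule rules[] = {
    { 1001, "mailq",      "/usr/lib/sendmail", mailq_args },
    { 1002, "newaliases", "/usr/lib/sendmail", newaliases_args },
};

/* Return the path to run if real UID `uid` (from getuid()) may run `name`
 * with exactly `args`, else NULL. argv[0] is never consulted. */
const char *authorize(uid_t uid, const char *name, char *const args[])
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct rule *r = &rules[i];
        if (r->uid != uid || strcmp(r->name, name) != 0)
            continue;
        size_t a = 0;
        while (r->args[a] && args[a] && strcmp(r->args[a], args[a]) == 0)
            a++;
        if (r->args[a] == NULL && args[a] == NULL)
            return r->path;
    }
    return NULL;
}

int main(int argc, char *argv[])
{
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    const char *path = argc > 1 ? authorize(getuid(), argv[1], argv + 2) : NULL;
    if (path == NULL) {
        fprintf(stderr, "not permitted\n");
        return 1;
    }
    argv[1] = (char *)path; /* target's argv[0] is chosen here, not by the user */
    execve(path, argv + 1, clean_env);
    perror("execve");
    return 126;
}
```

For this to mean anything, the target program must be executable only by the special user or group ID the front end runs as, as the post says.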