When I tried to summarise a discussion on writeable /etc/utmp files
I passed on the suggestion of using set gid.
>"I changed utmp permissions, and made sure anything that needed to write to
>utmp was in the same group, and made it group writeable.
>I had no problems with it from then."
with the comment
>I have not tried this but it looks like quite a good idea.
I have been told by email@example.com (Per Hedeland) that this is NOT
a good idea:
>No it isn't - among the programs that "need" to write utmp are
>sheltool/cmdtool - if you make these set-gid to enable them to write
>utmp, they will gladly pass on the set-gid-ness to the shell that they
>typically start, and of course then the user can write utmp to his
>heart's content from that shell or any program started by it - i.e. you
>might just as well leave it world-writable.
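
An added example, not part of the original message and not code from sheltool/cmdtool: one way a set-gid terminal program can avoid handing its group on to the shell it starts, by dropping the group in the child before exec and keeping its privileged descriptor close-on-exec. The function names are hypothetical, and /dev/null stands in for the utmp file.

```c
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a file while the set-gid group is still effective; close-on-exec
 * keeps the descriptor out of any program started later. */
int open_private(const char *path, int flags)
{
    int fd = open(path, flags);
    if (fd >= 0 && fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Effective gid := real gid. exec copies the effective gid into the saved
 * gid, so the exec'd program cannot switch back. 0 only if confirmed. */
int drop_group_privilege(void)
{
    if (setgid(getgid()) == -1)
        return -1;
    return getegid() == getgid() ? 0 : -1;
}

/* Fork, drop the group in the child only, exec the user's program. The
 * parent keeps its gid and descriptor. Returns exit status or -1. */
int run_unprivileged(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (drop_group_privilege() != 0)
            _exit(126);          /* refuse to exec with the group held */
        execv(path, argv);
        _exit(127);              /* exec failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "id -g", NULL };
    int fd = open_private("/dev/null", O_WRONLY);   /* stand-in for utmp */
    return fd < 0 ? 1 : run_unprivileged("/bin/sh", argv);
}
```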