Hylafax Mailing List Archives
|
[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
Re: help! can't faxalter or faxrm! permission denied!
>
> > I have found that the process is actually owned by bin. I have been
> > working around it by
If you have a process, as against a program, owned by bin, you have
a security problem. faxalter itself is not setuser, so should run
as whoever starts it.
Generally things are owned by bin if they should not be writeable,
and in some cases readable, to anyone except root; it allows a careful
sysadmin to manage them without running as root all the time. They can
be a risk in NFS systems, as bin doesn't have the special protection
given to root.
Any process running as bin has the ability, if subverted, to access
all the non-privileged programs in the system, including many that
may subsequently be run as root.
Either the startup script is being run unsafely, or something that
is supposed to be set-user root has been made set-user bin, or
set-user has been inappropriately set on something that doesn't need it.