( Re Message From: J.P.D. Kooij ) > > The solution with a file in /tmp is an elegant way around the the > setuid-root scripts problems. On the other hand, because /tmp is > world-writable and many system processes write to it, it might create it's > own backdoors
The point about using a root-owned script to watch /tmp for a "trigger" file planted by another user is that unless the script is running, nothing will happen, no matter what other users try to do. So root is able to decide at any time whether the operation is available to other users or not. This is more flexible than many other suggestions that have been posted, which would normally involve relatively permanent changes to the system setup. The watch-script I posted was only an example. It can be souped up to do more complicated things (e.g. to grep "ls -l /tmp/trigger_file" to see if it is owned by a particular user or set of users). In fact the scheme is a kind of infinitely customizable "cron". Ted. ([EMAIL PROTECTED])
