Access Permissions
Benjamin Honsinger
Honsinger at einstein.wsd.wednet.edu
Wed Feb 9 11:50:38 PST 2000
Thanks - I'll try it tomorrow or tonight (gotta go to my next class)!
Ben
On Wed, 09 Feb 2000, you wrote:
> I'll make some comments on the message below. Keep in mind that I have no
> experience with VMware or its strengths/weaknesses.
>
> On Wed, 9 Feb 2000, R. David Whitlock wrote:
>
> |VMware, because it needs certain kinds of
> |access to the hardware, will almost certainly require (unless they've made
> |a big effort to put that feature in) root access to get what it needs in
> |access rights.
>
> If that is the case, you'll probably want to restrict who can run the
> application on this computer. If it were me I would make the program
> setuid root. Then I would create a group called "vmware" and add myself
> to the group, change group ownership of vmware to "vmware", and change the
> permissions on vmware so only people within the group can execute it (i.e.
> 4750).
>
>
> |If attackers are not getting into the system, and VMware isn't running
> |anything that listens to open TCP/IP ports, then it doesn't seem to
> |present such a big risk to me.
>
> As long as this really is a single user computer, or as long as you've
> taken my advice above and made sure that only the people you specify can
> run the application.
>
> -----------------------------------------------
> Michael Hornung foobar at u.washington.edu
More information about the Linux
mailing list