/usr/sbin/diagperm is in netdiag 1.1-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | #!/bin/sh
# Change permissions, links so that a group of users can access the
# diagnostic commands.
# Originally (C) Christoph Lameter
# Changes in 2007 and 2008 done by Michael Meskes <meskes@debian.org>
# Placed under GPL
COMMANDS="netwatch trafshow"
errorexit()
{
echo -n "ERROR: "
echo $1;
exit 1;
}
if [ "x$1" = "x" ]; then
echo "Usage: diagperm [set] <group allowed access to diagnostic commands> | unset"
else
if [ "`id -u`" -ne 0 ]; then
errorexit "This program must be run by super-user (root)."
fi
if [ $1 = "unset" ]
then
for i in $COMMANDS; do
if [ -x /usr/sbin/dpkg-statoverride ]; then
dpkg-statoverride --remove /usr/sbin/$i || errorexit "Cannot suid unregister /usr/sbin/$i."
fi
if [ -f /usr/sbin/$i ]; then
chgrp root /usr/sbin/$i
chmod 0755 /usr/sbin/$i
fi
done
else
[ $1 = "set" ] && shift;
if grep -q "^$1:" /etc/group; then
for i in $COMMANDS; do
if [ -x /usr/sbin/dpkg-statoverride ]; then
dpkg-statoverride --update --add root $1 4754 /usr/sbin/$i || errorexit "Cannot suid register /usr/sbin/$i ."
else
#
# this is a fallback for systems without dpkg
#
if [ -f /usr/sbin/$i ]; then
chgrp $1 /usr/sbin/$i
chmod 4754 /usr/sbin/$i
fi
fi
done
echo "Permissions enabled for members of group $1."
else
echo "Group $1 not in /etc/group."
fi
fi
fi
|