# These file ensures that privileges to applications that were not
# covered by the evaluation are dropped or added.

# restrict su to users of the trusted group to prevent denial
# of service attacks or password cracking attacks against the root
# password 
/usr/bin/su					root:trusted	4710
# This permission allows the use of targetpw in /etc/sudoers and still
# preventing password cracking attacks from normal users against the root
# password.
/usr/bin/sudo					root:trusted	4710

# 6.2.4.32 Security management roles (FMT_SMR.1)
# users must be able to change their own password
/usr/bin/passwd					root:shadow	4755

# needed for eg screen lock
/sbin/unix_chkpwd				root:shadow	4755

/usr/bin/at					root:trusted	4750
/usr/bin/crontab				root:trusted	4755

# useless entry in permissions files. Created by tmpfiles anyways
/run/uscreens/					root:root       1777
/var/run/uscreens/				root:root       1777
