Securing-a-server.md

@@ -74,10 +74,11 @@ Part 1: Basic permissions
 
 * By default, removing all perms for everyone on everything (duh!)
 * Give read access to everyone in "/"
-* Give execution rights to everyone for "/bin/clear" and "/bin/sudo"
+* Give execution rights to everyone for "/bin/clear"
 * Create the groups and add them to users accordingly
 * Set group for /Public/ as "ftp" and give it group-level read
 * Set group for /Public/Downloads/ as "ftp" and give it (recursive) group-level read
+* Set group for /bin/sudo as "gateway" and give it group-level execute... and execution rights to everyone if there's no ssh!
 * If there are dedicated gateways to reach the LAN, replace the builtin ssh command with our "wanssh" tool 
 
 Part 2: Deleting unnecessary tools