RE: SSH accounts - basic restriction
- From: Jarek Buczyński <jaro80@xxxxxxxxx>
- Date: Tue, 6 Feb 2007 18:24:52 +0100
Files in /etc are designed to be readable to all processes, including
user processes. For example, /etc/resolv.conf for looking up hosts,
/etc/passwd for user details and so on. Anything which explicitly needs
to be hidden from normal users can have appropriate permissions set,
e.g. /etc/shadow is normally only readable by root.
Below is default debian permission for selected files and catalogs:
drwxr-xr-x 8 root root 4096 2007-02-05 01:46 apache2
drwxr-sr-x 2 root bind 4096 2007-02-05 01:48 bind
-rw-r--r-- 1 root root 677 2006-11-07 03:14 hosts.allow
-rw-r--r-- 1 root root 901 2006-11-07 03:14 hosts.deny
-rw-r--r-- 1 root root 1033 2007-02-05 01:48 passwd
drwxr-xr-x 2 root root 4096 2006-11-07 02:38 ssh
drwxr-xr-x 7 root root 4096 2006-11-07 03:14 network
If change permission
chmod o-rwx
will system work correctly?
There shouldn't be anything readable under /etc which constitutes a
security risk. If you really don't trust your users, don't give them
access in the first place :-)
:-) I trust my users, but I think the souldn't reed this files :-)
--
Best regards
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- Follow-Ups:
- RE: SSH accounts - basic restriction
- From: Kevin Ross
- RE: SSH accounts - basic restriction
- References:
- Re: SSH accounts - basic restriction
- From: Dave Ewart
- Re: SSH accounts - basic restriction
- Prev by Date: Re: generate RAM disk
- Next by Date: Re: Clamd error messags (two postings)
- Previous by thread: Re: SSH accounts - basic restriction
- Next by thread: RE: SSH accounts - basic restriction
- Index(es):
Relevant Pages
|
