file permission question

[David Kirchner]

/etc/passwd (probably really /etc/pwd.db) are used for several user-land
programs including 'ls'. It's highly recommended that /etc/passwd stay
readable to the world.

Btw, the output of 'ps' can be easily reconstructed via access to the
/proc filesystem. You can unmount this partition, but ps will operate
differently.

With /proc unmounted, you can still get a process listing for everyone -
you can disable this by setting the sysctl kern.ps_showallprocs to 0.

On Mon, 1 Oct 2001, default wrote:

> Hi,
>
> I am allowing a couple of ppl to have a shell account on one of my machines,
> and I am making a few changes to disallow them from using certain things...
> like chmoding the 'ps' command to 550 etc...
>
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640
> the passwd file and other similar files? ...
>
> Thanks,
>
> Jordan
>
> To Unsubscribe: send mail to majordomo at FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo at FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message