file permission question
jan at caustic.org
Fri Sep 24 08:50:01 PDT 2004
On Mon, 1 Oct 2001, default wrote:
> I am allowing a couple of ppl to have a shell account on one of my machines,
> and I am making a few changes to disallow them from using certain things...
> like chmoding the 'ps' command to 550 etc...
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640
> the passwd file and other similar files? ...
the base system is relativly secure on it's own. changing the permissions
on things like the passwd file breaks some programs that need it to read
user information. since the encrypted passwords are in /etc/master.passwd,
(which is permission 0600) you don't really need to change that.
honestly, changing permissions of 'standard' applications and utilities is
not going to stop a determined user on your server from abusing
resources. since having any users, other than yourself, on a machine is
technically a security risk.
your best bet is to meticuously comb through your installed files, and
only allow trusted users on your machines.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"if my thought-dreams could be seen..
"they'd probably put my head in a gillotine"
-- Bob Dylan
To Unsubscribe: send mail to majordomo at FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
More information about the freebsd-questions