From owner-freebsd-questions Mon Oct 1 21:44:40 2001 Delivered-To: freebsd-questions@freebsd.org Received: from hotmail.com (oe18.law12.hotmail.com [64.4.18.122]) by hub.freebsd.org (Postfix) with ESMTP id E329337B410 for ; Mon, 1 Oct 2001 21:44:36 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 1 Oct 2001 21:44:36 -0700 X-Originating-IP: [216.228.133.13] Reply-To: "default" From: "default" To: Subject: Fw: file permission question Date: Mon, 1 Oct 2001 23:44:37 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 02 Oct 2001 04:44:36.0702 (UTC) FILETIME=[F04F2FE0:01C14AFC] Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Thanks for the help... guess I'll leave those files as is... I've also changed the permissions on the commands/progs here: finger last lynx (just don't like other ppl usin it... ) ps rmserver (realserver) sc_serv (shoutcast) top w wall who I don't want my users to have access to them... is there any better way to do this? ... Like the sysctl setting you mentioned for ps? ... (truthfully alot of that went over my head... but i'll figure it out...) Thanks again, Jordan ----- Original Message ----- > From: "David Kirchner" > To: "default" > Cc: ; > Sent: Monday, October 01, 2001 10:22 PM > Subject: Re: file permission question > > > > /etc/passwd (probably really /etc/pwd.db) are used for several user-land > > programs including 'ls'. It's highly recommended that /etc/passwd stay > > readable to the world. > > > > Btw, the output of 'ps' can be easily reconstructed via access to the > > /proc filesystem. You can unmount this partition, but ps will operate > > differently. > > > > With /proc unmounted, you can still get a process listing for everyone - > > you can disable this by setting the sysctl kern.ps_showallprocs to 0. > > > > On Mon, 1 Oct 2001, default wrote: > > > > > Hi, > > > > > > I am allowing a couple of ppl to have a shell account on one of my > machines, > > > and I am making a few changes to disallow them from using certain > things... > > > like chmoding the 'ps' command to 550 etc... > > > > > > I wanted to ask, is there any reason why one wouldn't want to chmod to > 640 > > > the passwd file and other similar files? ... > > > > > > Thanks, > > > > > > Jordan > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message