From: Mike Meyer
Date: Mon, 12 Nov 2001 20:32:45 -0600
To: setantae
Cc: questions@freebsd.org
Subject: Re: does /etc HAVE to be world readable?

setantae types:
> On Sun, Nov 11, 2001 at 11:18:33PM -0600, Mike Meyer wrote:
> > Walter Hop types:
> > > QuickQuestion(tm): does /etc HAVE to be world readable?
> > After a quick scan of /etc, assuming you're running the standard base
> > system tools, you can expect: 1) Files will be listed by user/group
> > numbers instead of names if programs can't read /etc/passwd. 2)
> > Anything trying to reach something else on the net will break because
> > it can't get to /etc/resolve.conf and /etc/services. 3) Daemons that
> > don't run as root may fail because they can't read /etc/services,
> > though that's probably rare. 4) Mail will break in any number of
> > ways. X won't be startable by users. 5) Some man pages will become
> > inaccessible. 6) User programs that print won't be able to tell what
> > printers are available.
> Well, actually, all of those programs in theory already know what files
> they are looking for, so /etc doesn't have to be world readable for those
> reasons, since as long as it's world executable all of the above should
> still work.

You're right. I completely misread the question, thinking they wanted
/etc locked.

> However, it still strikes me as a really bad idea.

True. Nor does it add very much security, as anyone can still read any
file they could read if /etc were readable. Since the files used by
most programs are well-known, you'd have to change the file name to
protect them - in which case, you might as well put them in a
different directory while you're at it.

http://www.mired.org/home/mwm/
Q: How do you make the gods laugh? A: Tell them your plans.
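Added example, not part of the original message: a small audit that shows the point made in the thread, that dropping world-read from a directory while keeping world-execute hides only the name list, and files with well-known names stay readable. The directory tree and file contents are constructed stand-ins for /etc, the function names are hypothetical, and the check looks only at the classic "other" mode bits (no ACLs or MAC policy).

```python
import os
import stat
import tempfile


def other_access(dir_path):
    """Report what the 'other' class gets in dir_path, from mode bits alone."""
    dmode = os.stat(dir_path).st_mode
    can_list = bool(dmode & stat.S_IROTH)    # r on a directory: read the name list
    can_search = bool(dmode & stat.S_IXOTH)  # x on a directory: resolve a known name
    readable, protected = [], []
    # The auditor runs as the directory owner (or root), so it can always list.
    for name in sorted(os.listdir(dir_path)):
        fmode = os.stat(os.path.join(dir_path, name)).st_mode
        if not stat.S_ISREG(fmode):
            continue
        # Reachable by 'other' only if the directory is searchable AND the
        # file itself grants read to 'other'; directory 'r' plays no part.
        if can_search and fmode & stat.S_IROTH:
            readable.append(name)
        else:
            protected.append(name)
    return {"can_list": can_list, "readable": readable, "protected": protected}


def demo():
    """Build a constructed stand-in for /etc and compare modes 755, 711, 700."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.mkdir(etc)
        samples = (("passwd", 0o644), ("services", 0o644), ("master.passwd", 0o600))
        for name, mode in samples:
            path = os.path.join(etc, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        for dmode in (0o755, 0o711, 0o700):
            os.chmod(etc, dmode)
            results[oct(dmode)] = other_access(etc)
    return results


if __name__ == "__main__":
    for mode, report in demo().items():
        print(mode, report)
```

Mode 711 and mode 755 report the same readable files; only mode 700, which also removes search permission, changes what can be opened.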