Date: Thu, 17 Dec 1998 14:05:44 +1030
From: Greg Lehey <grog@lemis.com>
To: Michael Slater <mikey@iexpress.net.au>, freebsd-questions@FreeBSD.ORG
Subject: Re: Basic Security Question
Message-ID: <19981217140544.Z486@freebie.lemis.com>
In-Reply-To: <Pine.BSF.3.96.981217110551.22156A-100000@atlas.iexpress.net.au>; from Michael Slater on Thu, Dec 17, 1998 at 11:11:14AM +0800
References: <Pine.BSF.3.96.981217110551.22156A-100000@atlas.iexpress.net.au>

On Thursday, 17 December 1998 at 11:11:14 +0800, Michael Slater wrote:
> Hello,
> This might seem like a pretty basic question to most on this list but
> here goes.. My boss, a non UNIX person, has directed me to make the /etc
> directory readable only by root.. He ignores my argument that this is
> not a good thing and claims that FreeBSD must be very insecure if this is
> the case. Can someone explain in simple terms what the permissions should
> be for the /etc directory, and why it is not a good idea to make it
> readable only by root. His assumption is that a "good" commercial grade
> system such as Solaris, or BSDI would never allow this..

Interesting question. In fact, there isn't much in /etc that needs to
be user-readable. /etc/passwd springs to mind (some programs still
read user data out of it; that's why we moved the passwords themselves
out of passwd), as do /etc/group, /etc/sendmail.cf, /etc/XF86config
and a number of others. This is definitely also the case for Solaris
and BSD/OS. I think the real problem is that your boss doesn't
understand the purpose of the files, or maybe he's thinking of the rc
files, which I suppose you could limit to root.

Of course, the obvious thing is: I don't believe that the /etc
directory itself needs to be user-readable, as long as it's user
executable (i.e. permissions rwx--x--x). Maybe this would make him
happy.

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
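
The difference between a readable and an executable-only directory, as an added example that is not part of the original message: it builds a constructed stand-in for /etc in a temporary directory and reports, from the mode bits alone, what a user outside the owner and group could do under 755, 711 (the rwx--x--x above) and 700. The file names and their modes are sample assumptions, and ACLs or other access controls are not considered.

```python
import os
import stat
import tempfile


def other_bits(path):
    """Permissions for a user who is neither owner nor group member (mode bits only)."""
    mode = os.lstat(path).st_mode
    return {"r": bool(mode & stat.S_IROTH), "x": bool(mode & stat.S_IXOTH)}


def audit_dir(dirpath):
    """Report what 'other' users can do with dirpath and the regular files in it."""
    d = other_bits(dirpath)
    report = {
        "mode": stat.filemode(os.lstat(dirpath).st_mode),
        "can_list": d["r"],      # r on a directory: enumerate the names inside
        "can_traverse": d["x"],  # x on a directory: open a name already known
        "files": {},
    }
    for name in sorted(os.listdir(dirpath)):  # run as owner, so listing works
        full = os.path.join(dirpath, name)
        if stat.S_ISREG(os.lstat(full).st_mode):
            # Readable only if the directory can be traversed AND the file is o+r.
            report["files"][name] = d["x"] and other_bits(full)["r"]
    return report


def demo():
    """Build a constructed stand-in for /etc and audit it under three modes."""
    samples = (("passwd", 0o644), ("group", 0o644), ("master.passwd", 0o600))
    results = {}
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.mkdir(etc)
        for name, mode in samples:
            path = os.path.join(etc, name)
            with open(path, "w") as fh:
                fh.write("constructed sample, not real account data\n")
            os.chmod(path, mode)
        for mode in (0o755, 0o711, 0o700):
            os.chmod(etc, mode)
            results[oct(mode)] = audit_dir(etc)
        os.chmod(etc, 0o755)
    return results


if __name__ == "__main__":
    for mode, report in demo().items():
        print(mode, report)
```

With 711 the names can no longer be listed, but passwd and group stay readable to any program that opens them by path; with 700 those lookups fail as well.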