Message-ID: <19981217140544.Z486@freebie.lemis.com>
Date: Thu, 17 Dec 1998 14:05:44 +1030
From: Greg Lehey
To: Michael Slater, freebsd-questions@FreeBSD.ORG
Subject: Re: Basic Security Question

On Thursday, 17 December 1998 at 11:11:14 +0800, Michael Slater wrote:
> Hello,
> This might seem like a pretty basic question to most on this list but
> here goes.. My boss, a non UNIX person, has directed me to make the /etc
> directory readable only by root.. He ignores my argument that this is
> not a good thing and claims that FreeBSD must be very insecure if this is
> the case. Can someone explain in simple terms what the permissions should
> be for the /etc directory, and why it is not a good idea to make it
> readable only by root. His assumption is that a "good" commercial grade
> system such as Solaris, or BSDI would never allow this..

Interesting question. In fact, there isn't much in /etc that needs to be user-readable. /etc/passwd springs to mind (some programs still read user data out of it; that's why we moved the passwords themselves out of passwd), as do /etc/group, /etc/sendmail.cf, /etc/XF86config and a number of others. This is definitely also the case for Solaris and BSD/OS.

I think the real problem is that your boss doesn't understand the purpose of the files, or maybe he's thinking of the rc files, which I suppose you could limit to root.

Of course, the obvious thing is: I don't believe that the /etc directory itself needs to be user-readable, as long as it's user executable (i.e. permissions rwx--x--x). Maybe this would make him happy.

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
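The difference the reply relies on, between a directory that is readable and one that is only executable (searchable), as an added example that is not part of the original message. The helper names and the temporary stand-in for /etc are assumptions constructed for illustration, and the check looks at classic mode bits only (no ACLs or MAC policy).

```python
import os
import stat
import tempfile

def other_access(dirpath):
    """What the 'other' permission class may do in dirpath, from mode bits only."""
    st = os.stat(dirpath)
    can_list = bool(st.st_mode & stat.S_IROTH)    # r on a directory: read the names in it
    can_search = bool(st.st_mode & stat.S_IXOTH)  # x on a directory: resolve a known name
    openable = []
    # The audit itself must run as the owner (or root) so that listing works.
    for name in sorted(os.listdir(dirpath)):
        fmode = os.stat(os.path.join(dirpath, name)).st_mode
        # A file is reachable only if the directory is searchable AND the
        # file's own mode grants read to 'other'.
        if can_search and stat.S_ISREG(fmode) and fmode & stat.S_IROTH:
            openable.append(name)
    return {
        "mode": stat.filemode(st.st_mode),
        "can_list": can_list,
        "can_search": can_search,
        "openable_by_name": openable,
    }

def build_sample(dir_mode):
    """Constructed stand-in for /etc: one world-readable file, one owner-only file."""
    root = tempfile.mkdtemp()
    for name, mode in (("passwd", 0o644), ("master.passwd", 0o600)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample, not real account data\n")
        os.chmod(path, mode)   # explicit chmod, so the umask does not matter
    os.chmod(root, dir_mode)
    return root

if __name__ == "__main__":
    # 0o711 is the rwx--x--x mode from the reply; the others are for contrast.
    for mode in (0o755, 0o711, 0o700):
        print(oct(mode), other_access(build_sample(mode)))
```

With mode 0711, ordinary users can no longer enumerate the directory, but programs that open a known world-readable path still work; with 0700 those lookups fail as well.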