From owner-freebsd-questions Wed Dec 16 19:51:46 1998
Date: Wed, 16 Dec 1998 19:52:07 -0800 (PST)
From: Dan Busarow
To: Michael Slater
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Basic Security Question

On Thu, 17 Dec 1998, Michael Slater wrote:

> This might seem like a pretty basic question to most on this list but
> here goes.. My boss, a non UNIX person, has directed me to make the /etc
> directory readable only by root.. He ignores my argument that this is
> not a good thing and claims that FreeBSD must be very insecure if this is
> the case. Can someone explain in simple terms what the permissions should
> be for the /etc directory, and why it is not a good idea to make it
> readable only by root. His assumption is that a "good" commercial grade
> system such as Solaris, or BSDI would never allow this..

You could show him this.

$ uname -a
SunOS bloodhound 5.6 Generic sun4m sparc SUNW,SPARCstation-20
$ ls -ld /etc
drwxr-xr-x  27 root     sys         3072 Dec 13 00:10 /etc

That's the default install values for Solaris 5.6

Greg's suggestion for a mode 711 /etc should work fine too if he
really wants to turn off group/other reading.

Dan
-- 
Dan Busarow                                  949 443 4172
Dana Point Communications, Inc.            dan@dpcsys.com
Dana Point, California  83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82
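
An added example, not part of the original message: a small shell function that reads the same `ls -ld` mode string shown above and reports what users outside the owner and group can do with a directory under modes 755, 711 and 700. The function name other_access and the temporary directory are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: classify "other" access to a directory from the mode
# string that `ls -ld` prints (e.g. drwxr-xr-x for the Solaris /etc above).

# other_access DIR
# Prints one of:
#   list+traverse  (r-x) names can be listed and known files opened   (755)
#   traverse-only  (--x) known paths such as /etc/passwd still open,
#                        but the directory cannot be listed           (711)
#   list-only      (r--) names visible, but no file can be opened
#   none           (---) nothing under the directory can be reached,
#                        so non-root lookups of /etc files fail       (700)
other_access() {
    # First field of `ls -ld` is the mode string.
    mode=$(ls -ld "$1" | awk '{print $1}')
    # Characters 8-10 are the r/w/x triplet for "other".
    other=$(printf '%s' "$mode" | cut -c8-10)
    r=$(printf '%s' "$other" | cut -c1)
    x=$(printf '%s' "$other" | cut -c3)   # 't' means sticky bit plus search
    case "$r$x" in
        r[xt]) echo "list+traverse" ;;
        -[xt]) echo "traverse-only" ;;
        r*)    echo "list-only" ;;
        *)     echo "none" ;;
    esac
}

# Demonstration on a constructed temporary directory, then the real /etc.
demo_modes() {
    d=$(mktemp -d)
    for m in 755 711 700; do
        chmod "$m" "$d"
        printf 'mode %s -> %s\n' "$m" "$(other_access "$d")"
    done
    rmdir "$d"
    printf '/etc -> %s\n' "$(other_access /etc)"
}

demo_modes
```

The search (x) bit on a directory is what lets a process resolve a path through it, which is why 711 keeps programs working while 700 does not.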