Date: Fri, 25 Aug 2000 09:19:06 -0500 From: mike.sellenschuetter@bankofamerica.com To: freebsd-security@FreeBSD.ORG Subject: Sup Message-ID: <200008251419.HAA24594@laimail.bankofamerica.com>
next in thread | raw e-mail | index | archive | help
Dear All, We have a small system consisting of about 14 servers and 30 workstations. All servers and workstations are running FreeBSD 2.2.6 (we are going to upgrade to 4.0 or 4.1 sometime soon, hopefully this fall). While adding files to one of the collections in the repository on the sup server, I had a problem with getting one of the files to distribute to the clients. After talking with the vendor who integrated the system, they told me that all files in the repository on the sup server had to be world readable before the files would be distributed to the clients. Indeed, after I changed the permissions on this file, it did distribute to the clients the next time the sup process was run. I have two questions. First, is it true that all files have to be world readable (644) in the repository on the sup server before sup will work properly? I did not see that in the man pages for sup or supfilesrv. We have sensitive files (in addition to master.passwd, group, sudoers, etc) in several of the collections on the sup server, and if our Audit department finds out that these files are world readable, they are going to do a thorough job of making my life miserable. My second question is how can I tighten the permissions (or otherwise tighten security) on these files in the repository without adversely affecting the sup process? Thank you in advance for any advice that you can give me. Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008251419.HAA24594>