From: "f.johan.beisser"
To: dwbear75@gmail.com
cc: freebsd-security@FreeBSD.ORG
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: file permission question
Date: Fri, 24 Sep 2004 15:50:01 -0000
X-Original-Date: Mon, 01 Oct 2001 21:26:33 -0700 (PDT)

On Mon, 1 Oct 2001, default wrote:

> Hi,
>
> I am allowing a couple of ppl to have a shell account on one of my machines,
> and I am making a few changes to disallow them from using certain things...
> like chmoding the 'ps' command to 550 etc...
>
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640
> the passwd file and other similar files? ...

the base system is relatively secure on its own. changing the permissions
on things like the passwd file breaks some programs that need it to read
user information. since the encrypted passwords are in /etc/master.passwd,
(which is permission 0600) you don't really need to change that.

honestly, changing permissions of 'standard' applications and utilities is
not going to stop a determined user on your server from abusing resources.
since having any users, other than yourself, on a machine is technically a
security risk. your best bet is to meticulously comb through your installed
files, and only allow trusted users on your machines.

 -------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "if my thought-dreams could be seen..
       "they'd probably put my head in a guillotine" -- Bob Dylan
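
The split described in the reply, as an added check that is not part of the original message: the world-readable file should carry no hashes, and the file that holds them should stay at 0600. The 0644 mode for /etc/passwd, the `*` placeholder in its password field, and the helper names and sample entries are assumptions of this example.

```python
import os
import stat
import tempfile

# master.passwd 0600 is the mode given in the post; passwd 0644 is the stock
# FreeBSD mode (assumption of this example, not quoted from the post).
EXPECTED = {"etc/passwd": 0o644, "etc/master.passwd": 0o600}

# Constructed sample entries, not taken from any real system.
SAMPLE_PASSWD = "root:*:0:0:Charlie &:/root:/bin/sh\njan:*:1001:1001:User:/home/jan:/bin/sh\n"
SAMPLE_MASTER = "root:$2b$04$CONSTRUCTED:0:0::0:0:Charlie &:/root:/bin/sh\n"

def audit(root="/"):
    """Return findings for the password files under root (empty list = OK)."""
    findings = []
    for rel, want in EXPECTED.items():
        try:
            mode = stat.S_IMODE(os.stat(os.path.join(root, rel)).st_mode)
        except OSError as exc:
            findings.append(f"{rel}: cannot stat ({exc.strerror})")
            continue
        if mode != want:
            findings.append(f"{rel}: mode {mode:04o}, expected {want:04o}")
    # The world-readable file must hold no hashes: field 2 is "*" on every entry.
    try:
        with open(os.path.join(root, "etc/passwd")) as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if not line.startswith("#") and len(fields) > 1 and fields[1] != "*":
                    findings.append(f"etc/passwd: {fields[0]} has a non-'*' password field")
    except OSError:
        pass  # missing or unreadable: already flagged by the mode check above
    return findings

def build_sample(root, passwd_mode=0o644, master_mode=0o600, passwd=SAMPLE_PASSWD):
    """Write a constructed etc/ tree under root so audit() can run offline."""
    os.makedirs(os.path.join(root, "etc"), exist_ok=True)
    for rel, text, mode in (("etc/passwd", passwd, passwd_mode),
                            ("etc/master.passwd", SAMPLE_MASTER, master_mode)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, passwd_mode=0o640)  # the change asked about in the post
        print(audit(tmp))
```

Calling `audit()` with no argument checks the live files under `/`.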