Date: Mon, 1 Oct 2001 20:22:41 -0700 (PDT) From: David Kirchner <davidk@accretivetg.com> To: default <default013subscriptions@hotmail.com> Cc: <freebsd-security@FreeBSD.ORG>, <freebsd-questions@FreeBSD.ORG> Subject: Re: file permission question Message-ID: <20011001202015.R85958-100000@localhost> In-Reply-To: <OE726OJi57n6Hj1yNrU00004304@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
/etc/passwd (probably really /etc/pwd.db) are used for several user-land programs including 'ls'. It's highly recommended that /etc/passwd stay readable to the world. Btw, the output of 'ps' can be easily reconstructed via access to the /proc filesystem. You can unmount this partition, but ps will operate differently. With /proc unmounted, you can still get a process listing for everyone - you can disable this by setting the sysctl kern.ps_showallprocs to 0. On Mon, 1 Oct 2001, default wrote: > Hi, > > I am allowing a couple of ppl to have a shell account on one of my machines, > and I am making a few changes to disallow them from using certain things... > like chmoding the 'ps' command to 550 etc... > > I wanted to ask, is there any reason why one wouldn't want to chmod to 640 > the passwd file and other similar files? ... > > Thanks, > > Jordan > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011001202015.R85958-100000>