Date: Tue, 2 Oct 2001 00:35:07 -0400 (EDT) From: Chris BeHanna <behanna@zbzoom.net> To: <security@freebsd.org> Subject: Re: file permission question Message-ID: <20011002003111.D90494-100000@topperwein.dyndns.org> In-Reply-To: <OE726OJi57n6Hj1yNrU00004304@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 1 Oct 2001, default wrote:
> Hi,
>
> I am allowing a couple of ppl to have a shell account on one of my machines,
> and I am making a few changes to disallow them from using certain things...
> like chmoding the 'ps' command to 550 etc...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Why? "ps" can be a valuable diagnostic tool--even for (l)users.
Quite a few things can break without being able to access it; e.g.,
any script that relies upon ps to monitor the health of a running
process.
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640
> the passwd file and other similar files? ...
Uh, because any userland process that calls getpwent() or
getgrent() will fail to run?
--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011002003111.D90494-100000>