Date: Mon, 12 Nov 2001 10:33:18 +0000
From: setantae
To: Mike Meyer
Cc: Walter Hop, questions@freebsd.org
Subject: Re: does /etc HAVE to be world readable?
Sender: owner-freebsd-questions@FreeBSD.ORG

On Sun, Nov 11, 2001 at 11:18:33PM -0600, Mike Meyer wrote:
> Walter Hop types:
> > QuickQuestion(tm): does /etc HAVE to be world readable?
>
> Of course not. In fact, about the only thing that has to exist to boot
> unix is the kernel and /bin/sh. The question is, what's going to break
> if you remove - or lock - the things in question.
>
> After a quick scan of /etc, assuming you're running the standard base
> system tools, you can expect: 1) Files will be listed by user/group
> numbers instead of names if programs can't read /etc/passwd. 2)
> Anything trying to reach something else on the net will break because
> it can't get to /etc/resolve.conf and /etc/services. 3) Daemons that
> don't run as root may fail because they can't read /etc/services,
> though that's probably rare. 4) Mail will break in any number of
> ways. X won't be startable by users. 5) Some man pages will become
> inaccessible. 6) User programs that print won't be able to tell what
> printers are available.

Well, actually, all of those programs in theory already know what files they
are looking for, so /etc doesn't have to be world readable for those reasons,
since as long as it's world executable all of the above should still work.

However, it still strikes me as a really bad idea.

Ceri

-- 
keep a mild groove on
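
Added example, not part of the original message: the read-versus-execute distinction on a directory that the reply relies on, checked from mode bits. The helper names (other_access, demo) and the sample tree are constructed for illustration; ACLs, ownership and parent-directory permissions are ignored.

```python
import os
import shutil
import stat
import tempfile


def other_access(dirpath):
    """Report what 'other' users get in dirpath, judged from mode bits only.

    Simplification: ignores ACLs, ownership and parent-directory permissions.
    Run it as the directory owner or root so the entries can be enumerated.
    """
    dmode = os.stat(dirpath).st_mode
    can_list = bool(dmode & stat.S_IROTH)    # r on a directory: enumerate names
    can_search = bool(dmode & stat.S_IXOTH)  # x on a directory: open a known name
    by_name = []
    for name in sorted(os.listdir(dirpath)):
        fmode = os.lstat(os.path.join(dirpath, name)).st_mode
        if can_search and stat.S_ISREG(fmode) and fmode & stat.S_IROTH:
            by_name.append(name)
    return {"can_list": can_list, "can_search": can_search,
            "readable_by_name": by_name}


def demo():
    """Build a constructed stand-in for /etc and test three directory modes."""
    root = tempfile.mkdtemp()
    etc = os.path.join(root, "etc")
    os.mkdir(etc)
    try:
        # Constructed sample files; modes chosen for illustration.
        for name, mode in (("passwd", 0o644), ("services", 0o644),
                           ("master.passwd", 0o600)):
            path = os.path.join(etc, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        results = {}
        for dmode in (0o755, 0o711, 0o700):
            os.chmod(etc, dmode)
            results[oct(dmode)] = other_access(etc)
        return results
    finally:
        os.chmod(etc, 0o700)
        shutil.rmtree(root)


if __name__ == "__main__":
    for mode, report in demo().items():
        print(mode, report)
```

With the directory at 0711 the names can no longer be listed, but every world-readable file in it is still readable by anyone who knows its name, so dropping the read bit hides names without protecting contents.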