From owner-freebsd-questions Mon Oct 1 21:26:33 2001 Delivered-To: freebsd-questions@freebsd.org Received: from webs1.accretive-networks.net (webs1.accretive-networks.net [207.246.154.13]) by hub.freebsd.org (Postfix) with ESMTP id 1CD1737B40C; Mon, 1 Oct 2001 21:26:28 -0700 (PDT) Received: from localhost (davidk@localhost) by webs1.accretive-networks.net (8.11.1/8.11.3) with ESMTP id f923Mf761124; Mon, 1 Oct 2001 20:22:41 -0700 (PDT) Date: Mon, 1 Oct 2001 20:22:41 -0700 (PDT) From: David Kirchner X-X-Sender: To: default Cc: , Subject: Re: file permission question In-Reply-To: Message-ID: <20011001202015.R85958-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG /etc/passwd (probably really /etc/pwd.db) are used for several user-land programs including 'ls'. It's highly recommended that /etc/passwd stay readable to the world. Btw, the output of 'ps' can be easily reconstructed via access to the /proc filesystem. You can unmount this partition, but ps will operate differently. With /proc unmounted, you can still get a process listing for everyone - you can disable this by setting the sysctl kern.ps_showallprocs to 0. On Mon, 1 Oct 2001, default wrote: > Hi, > > I am allowing a couple of ppl to have a shell account on one of my machines, > and I am making a few changes to disallow them from using certain things... > like chmoding the 'ps' command to 550 etc... > > I wanted to ask, is there any reason why one wouldn't want to chmod to 640 > the passwd file and other similar files? ... > > Thanks, > > Jordan > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message