Date: Mon, 1 Oct 2001 21:26:33 -0700 (PDT) From: "f.johan.beisser" <jan@caustic.org> To: default <default013subscriptions@hotmail.com> Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: file permission question Message-ID: <Pine.BSF.4.21.0110012114320.4143-100000@pogo.caustic.org> In-Reply-To: <OE726OJi57n6Hj1yNrU00004304@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 1 Oct 2001, default wrote: > Hi, > > I am allowing a couple of ppl to have a shell account on one of my machines, > and I am making a few changes to disallow them from using certain things... > like chmoding the 'ps' command to 550 etc... > > I wanted to ask, is there any reason why one wouldn't want to chmod to 640 > the passwd file and other similar files? ... the base system is relativly secure on it's own. changing the permissions on things like the passwd file breaks some programs that need it to read user information. since the encrypted passwords are in /etc/master.passwd, (which is permission 0600) you don't really need to change that. honestly, changing permissions of 'standard' applications and utilities is not going to stop a determined user on your server from abusing resources. since having any users, other than yourself, on a machine is technically a security risk. your best bet is to meticuously comb through your installed files, and only allow trusted users on your machines. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "if my thought-dreams could be seen.. "they'd probably put my head in a gillotine" -- Bob Dylan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0110012114320.4143-100000>