
Re: root's home world readable



On Mon, Jan 21, 2002 at 09:45:50PM +0000, Tim Haynes wrote:
> > Is there any reason you can't just chmod 0600 /root/.my.cnf, in that
> > case? Clearly there are individual files that you don't want
> > world-readable, but that's true for normal users' home dirs as well.
> 
> Why do you want folks to be able to *see* that you have a .my.conf in
> there?

What difference does it make?  They know you have an /etc/shadow,
/var/mail/$USER, ~/.bash_history, etc etc etc.  Those don't need to be
in read-protected directories.  They can 'ls' them all they want, but it
won't get them anywhere.

> Directory and file permissions work together; block r on the dir and the
> users won't be able to _ls_ in it. Block permissions on the file as well,
> and they won't be able to read it should they guess its existence. 
> All to the good, as far as I'm concerned!

Multiple layers of security are one thing, but this doesn't get you
anything.  Compromise one layer and you've necessarily compromised the
other.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
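
The interaction of directory and file mode bits discussed in this thread, as an added example that is not part of the original message: it works out from mode bits alone what a user in the "other" class can do with each file in a directory. The function names and the constructed temporary directory standing in for /root are assumptions; ACLs, group membership and parent directories are ignored.

```python
import os
import stat
import tempfile


def exposure(dir_mode, file_mode):
    """What a user in the 'other' class can do with one file in a directory."""
    can_list = bool(dir_mode & stat.S_IROTH)      # r on dir: names show up in ls
    can_traverse = bool(dir_mode & stat.S_IXOTH)  # x on dir: a known name can be opened
    return {
        "name_listed": can_list,
        "reachable_by_name": can_traverse,
        "content_readable": can_traverse and bool(file_mode & stat.S_IROTH),
    }


def audit(path):
    """Report exposure of every entry directly under path, from mode bits only."""
    dir_mode = os.stat(path).st_mode
    return {
        name: exposure(dir_mode, os.lstat(os.path.join(path, name)).st_mode)
        for name in sorted(os.listdir(path))
    }


def demo():
    """Constructed stand-in for /root with one protected and one open file."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        for name, mode in ((".my.cnf", 0o600), (".bashrc", 0o644)):
            full = os.path.join(home, name)
            with open(full, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(full, mode)
        for dir_mode in (0o755, 0o711, 0o700):
            os.chmod(home, dir_mode)
            results[dir_mode] = audit(home)
        os.chmod(home, 0o700)  # restore owner-only access before cleanup
    return results


if __name__ == "__main__":
    for dir_mode, report in demo().items():
        print(f"directory mode {dir_mode:o}")
        for name, exp in report.items():
            print(f"  {name:10} {exp}")
```
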
