[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions Required On hosts.allow ?

> So I've opened perms up to 644 again, but this seems the wrong thing
> to do.  I realise I was only gaining a minor layer of
> security-thru-obscurity, but every little helps - surely we don't
> want this file to be world-readable ?
> I note from inetd.conf that in.telnetd runs as uid.gid
> telnetd.telnetd, whereas hosts.allow has uid.gid root.root, which I
> guess is the cause of this.


> Can I change this around a bit to achieve my goal - maybe make a new
> group called "foo" (say) and give that gid to in.telnetd and
> hosts.allow ... ?

Obscuring your libwrap/tcpd configuration from your local users, at
the expense of allowing services to run as seperate, non-privileged
users is a bad idea.  Privilege seperation provides a very tangible
benefit, obfuscated config files do not.

Jamie Heilman                   http://audible.transient.net/~jamie/
"It's almost impossible to overestimate the unimportance of most things."
							-John Logue

Reply to: