[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions Required On hosts.allow ?

On Thu, 29 Aug 2002 08:37:15 -0600 (MDT), Joe Moore wrote:

>Another option would be to create a group, for example called "tcpwrap".
>tcpwrap:x:150:telnetd, sshd, irc, identd
>(This list is based on the users in /etc/passwd which appear to be for
>services that would benefit from tcpwrap.  Adjust as appropriate.)
>Set /etc/hosts.allow to mod 0640 and ownership root:tcpwrap
>When tcpd is running as UID telnetd, it will also have group equivalence to
>GID tcpwrap, so it will be able to read /etc/hosts.allow

Yep - that's just the sort of thing I had in mind - I can't see a
problem with it if all the new GID does is grant read access to the
tcp wrappers config files.  [ I just realised one more ingredient
required is to make the relevant service daemons sgid tcpwrap as well
as members of it. ]

But I realise this stuff is tricky, and there may be some unforseen
consequence that only a thorough knowledge of the source code (which I
don't have) can elicit - that's why I sought comments :)

I'm still not sure about it.

Nick Boyce
Bristol, UK
"Ok spammer, I'll 'just hit delete'. You can be 'Delete'."
                         --  Ron "SuperTroll" Ritzman, NANAE

Reply to: