Re: Permissions Required On hosts.allow ?
> So I've opened perms up to 644 again, but this seems the wrong thing
> to do. I realise I was only gaining a minor layer of
> security-thru-obscurity, but every little helps - surely we don't
> want this file to be world-readable ?
>
> I note from inetd.conf that in.telnetd runs as uid.gid
> telnetd.telnetd, whereas hosts.allow has uid.gid root.root, which I
> guess is the cause of this.
correct
> Can I change this around a bit to achieve my goal - maybe make a new
> group called "foo" (say) and give that gid to in.telnetd and
> hosts.allow ... ?
Obscuring your libwrap/tcpd configuration from your local users, at
the expense of allowing services to run as seperate, non-privileged
users is a bad idea. Privilege seperation provides a very tangible
benefit, obfuscated config files do not.
--
Jamie Heilman http://audible.transient.net/~jamie/
"It's almost impossible to overestimate the unimportance of most things."
-John Logue
Reply to: