RE: secure file permissions

To: "Lupe Christoph" <lupe@lupe-christoph.de>, "mi" <michael.wordehoff@gmx.de>
Cc: <debian-security@lists.debian.org>
Subject: RE: secure file permissions
From: "Domonkos Czinke" <domonkos.czinke@keystone.hu>
Date: Mon, 8 Dec 2003 09:16:05 +0100
Message-id: <[🔎] 663094E307F13E459D80FB7C5A830C10ECEE6E@loire.internal.nextra.hu>

Hi,

I recommend using the chattr program. You should set them immutable
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow. Man chattr. 

Domonkos Czinke

-----Original Message-----
From: Lupe Christoph [mailto:lupe@lupe-christoph.de] 
Sent: Sunday, December 07, 2003 9:56 AM
To: mi
Cc: debian-security@lists.debian.org
Subject: Re: secure file permissions


On Sunday, 2003-12-07 at 09:27:04 +0100, mi wrote:

> Can you tell me what are the default permissions for /etc/group and 
> /etc/passwd ?

> I restricted them to rw for root only, but some things like exim (and 
> possibly dpkg ?) seem to need read access there too.
> What's recommendet ?

You want to change them, so I guess you should know why.

BTW, try running ls as a user when /etc/group and /etc/passwd are 600.

Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/
|
| "Violence is the resort of the violent" Lu Tze
|
| "Thief of Time", Terry Pratchett
|


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: secure file permissions
  - From: Russell Coker <russell@coker.com.au>
- Re: secure file permissions
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?
Next by Date: RE: Grsecurity, ssh and postfix
Previous by thread: Re: secure file permissions
Next by thread: Re: secure file permissions
Index(es):
- Date
- Thread