[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: secure file permissions


I recommend using the chattr program. You should set them immutable
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow. Man chattr. 

Domonkos Czinke

-----Original Message-----
From: Lupe Christoph [mailto:lupe@lupe-christoph.de] 
Sent: Sunday, December 07, 2003 9:56 AM
To: mi
Cc: debian-security@lists.debian.org
Subject: Re: secure file permissions

On Sunday, 2003-12-07 at 09:27:04 +0100, mi wrote:

> Can you tell me what are the default permissions for /etc/group and 
> /etc/passwd ?

> I restricted them to rw for root only, but some things like exim (and 
> possibly dpkg ?) seem to need read access there too.
> What's recommendet ?

You want to change them, so I guess you should know why.

BTW, try running ls as a user when /etc/group and /etc/passwd are 600.

Lupe Christoph
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/
| "Violence is the resort of the violent" Lu Tze
| "Thief of Time", Terry Pratchett

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: