RE: SSH accounts - basic restriction

To: <debian-user@lists.debian.org>
Subject: RE: SSH accounts - basic restriction
From: Jarek Buczyński <jaro80@gmail.com>
Date: Tue, 6 Feb 2007 12:45:57 +0100
Message-id: <[🔎] 00ee01c749e4$5eb8f7e0$aa00000a@home.pol>
In-reply-to: <[🔎] 20070206105004.GA6622@sungate.co.uk>

Hello

> You can change the permissions for home directories so that users cannot
> see each others; you can also change the permissions for /root so that
> it is invisible to non-root users (chmod 700 ...)

OK. I've done this. But at /root/ catalog I have some scripts, this scripts
have symbolic links to /etc/networks/ip-up.d. Will this scripts start when
I'll rebbot server? 

> Also, check /etc/adduser.conf to change the default permissions that new
> homes are created with.

Default is DIR_MODE=0755, is it good change this to DIR_MODE=0700?

> However, I'd strongly advise against trying to restrict access to /etc -
> this will break lots of things!

So, I didn't tuch permision /etc, why this is dangerous? Can some daemons
have problem with normal working?

> What are you actually trying to achieve?  Or, to take another view, what
> exactly are you trying to prevent and why?

I'd like my users don't access to some file for example /etc/*, they
shouldn't see apache, bind, ftp etc config file. I think it's good practice,
probably :)

--
Best regards

Reply to:

Follow-Ups:
- Re: SSH accounts - basic restriction
  - From: "Roberto C. Sanchez" <roberto@connexer.com>
- Re: SSH accounts - basic restriction
  - From: Dave Ewart <davee@sungate.co.uk>

References:
- Re: SSH accounts - basic restriction
  - From: Dave Ewart <davee@sungate.co.uk>

Prev by Date: Re: SSH accounts - basic restriction
Next by Date: Re: First impressions of Etch and trying to get vmware server to run (amd64)
Previous by thread: Re: SSH accounts - basic restriction
Next by thread: Re: SSH accounts - basic restriction
Index(es):
- Date
- Thread