RE: SSH accounts - basic restriction
Hello
> You can change the permissions for home directories so that users cannot
> see each others; you can also change the permissions for /root so that
> it is invisible to non-root users (chmod 700 ...)
OK. I've done this. But at /root/ catalog I have some scripts, this scripts
have symbolic links to /etc/networks/ip-up.d. Will this scripts start when
I'll rebbot server?
> Also, check /etc/adduser.conf to change the default permissions that new
> homes are created with.
Default is DIR_MODE=0755, is it good change this to DIR_MODE=0700?
> However, I'd strongly advise against trying to restrict access to /etc -
> this will break lots of things!
So, I didn't tuch permision /etc, why this is dangerous? Can some daemons
have problem with normal working?
> What are you actually trying to achieve? Or, to take another view, what
> exactly are you trying to prevent and why?
I'd like my users don't access to some file for example /etc/*, they
shouldn't see apache, bind, ftp etc config file. I think it's good practice,
probably :)
--
Best regards
Reply to: