
RE: SSH accounts - basic restriction



> Files in /etc are designed to be readable to all processes, including
> user processes.  For example, /etc/resolv.conf for looking up hosts,
> /etc/passwd for user details and so on.  Anything which explicitly needs
> to be hidden from normal users can have appropriate permissions set,
> e.g. /etc/shadow is normally only readable by root.

Below are the default Debian permissions for selected files and catalogs:

drwxr-xr-x   8 root   root     4096 2007-02-05 01:46 apache2
drwxr-sr-x   2 root   bind     4096 2007-02-05 01:48 bind
-rw-r--r--   1 root   root      677 2006-11-07 03:14 hosts.allow
-rw-r--r--   1 root   root      901 2006-11-07 03:14 hosts.deny
-rw-r--r--   1 root   root     1033 2007-02-05 01:48 passwd
drwxr-xr-x   2 root   root     4096 2006-11-07 02:38 ssh
drwxr-xr-x   7 root   root     4096 2006-11-07 03:14 network

If I change the permissions with

chmod o-rwx 

will the system work correctly?

> There shouldn't be anything readable under /etc which constitutes a
> security risk.  If you really don't trust your users, don't give them
> access in the first place :-)

:-) I trust my users, but I think they shouldn't read these files :-)

--
Best regards  


