RE: SSH accounts - basic restriction
> Apache2: Apache2 starts up as root, and then changes to the
> user and group specified in the config files (default is
> www-data:www-data). So, if you change the group owner of
> apache2 to www-data (and all the files therein), and remove
> world access (chmod o-rwx), apache should still work. No
> guarantees, though.
I didn't change group, but only remove world access and apache is working :)
> Bind: I believe the same holds true for bind, but it's been
> a long time since I've used it (I use PowerDNS now).
Working
> Hosts.allow, hosts.deny: Not sure about those.
I heven't tested, yet
> Passwd: This needs to be readable by everyone. Despite the name,
> there isn't any actual password information in there (it's in
> /etc/shadow). But any process that needs to look up user information
> will need access. Even doing a simple "ls" command needs access.
:( Passwd should have read permission, when I remove this I can log to
system but bash tell something like this:
I have no name!@vdeb:/$
> Ssh: ssh runs as root, removing world access is probably fine.
Working
> Network: It's probably okay to remove world access.
Working too
--
Best regards
Reply to: