
RE: SSH accounts - basic restriction



> Apache2: Apache2 starts up as root, and then changes to the
> user and group specified in the config files (default is
> www-data:www-data).  So, if you change the group owner of
> apache2 to www-data (and all the files therein), and remove
> world access (chmod o-rwx), apache should still work.  No
> guarantees, though.

I didn't change the group, but only removed world access, and apache is working :)


> Bind:  I believe the same holds true for bind, but it's been
> a long time since I've used it (I use PowerDNS now).

Working

> Hosts.allow, hosts.deny: Not sure about those.

I haven't tested yet

> Passwd:  This needs to be readable by everyone.  Despite the name,
> there isn't any actual password information in there (it's in
> /etc/shadow).  But any process that needs to look up user information
> will need access.  Even doing a simple "ls" command needs access.

:( Passwd should have read permission; when I remove this I can log in to the
system, but bash tells me something like this:

I have no name!@vdeb:/$
 
> Ssh:  ssh runs as root, removing world access is probably fine.

Working

> Network:  It's probably okay to remove world access.

Working too
 
--
Best regards
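
An added example, not part of the original message: a small audit that reports which entries of an /etc-like tree still grant access to "other", and flags an entry that must stay world-readable (here only `passwd`, per the thread) when it has lost that bit. The function names, the `NEED_WORLD_READ` list and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report "other" permission bits for entries in an /etc-like tree.
# Assumption: only "passwd" is listed as needing world read, as the thread
# reports; extend NEED_WORLD_READ to match your own system.
NEED_WORLD_READ="passwd"

# For each direct entry of directory $1 print one line:
#   BROKEN name  must be world-readable but is not
#   OK name      must be world-readable and is
#   OPEN name    still grants some access to "other"
#   CLOSED name  grants nothing to "other"
audit_world_access() {
    for path in "$1"/*; do
        [ -e "$path" ] || continue
        if [ -L "$path" ]; then continue; fi   # link modes are meaningless
        name=${path##*/}
        # -prune stops find from descending; only the entry itself is tested
        readable=$(find "$path" -prune -perm -004 -print)
        any=$(find "$path" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        case " $NEED_WORLD_READ " in
            *" $name "*)
                if [ -n "$readable" ]; then echo "OK $name"; else echo "BROKEN $name"; fi
                continue ;;
        esac
        if [ -n "$any" ]; then echo "OPEN $name"; else echo "CLOSED $name"; fi
    done
}

# Constructed sample tree (not real system files) mirroring the thread.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/apache2" "$tmp/ssh"
    : > "$tmp/passwd"
    chmod 750 "$tmp/apache2"   # world access removed, as tested in the thread
    chmod 755 "$tmp/ssh"       # not yet restricted
    chmod 640 "$tmp/passwd"    # the change that produced "I have no name!"
    audit_world_access "$tmp"
    rm -rf "$tmp"
}

demo
```

Run `audit_world_access /etc` after a round of `chmod o-rwx` changes to see what is still open and whether anything that needs world read was caught by mistake.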


