On Wed, Jul 27, 2005 at 06:11:52PM -0500, Dave Feustel wrote:
| On Wednesday 27 July 2005 04:23 pm, Paul de Weerd wrote:
| On Wed, Jul 27, 2005 at 12:13:01PM -0500, Dave Feustel wrote:
| | 1) add the line
| | umask 077
| | to .profile
|
| This breaks certain ports (as I found out the hard
Mh, I just deleted some text I wrote to 1) and 2), because most if it
was already said. It boils down to personal/administrational preference
and/or policy, the current defaults are just fine and logical and
trivial to change.
Dave Feustel wrote:
Also modify adduser so that the home
Moritz Grimm [EMAIL PROTECTED] wrote:
This kind of paranoia adds nothing to security (~/.ssh and others that
need it are already set to restrictive permissions), and there is no
privacy from root no matter what. The rest is, again, personal
preference and/or something about local policies.
On Thursday 28 July 2005 08:00 am, Jonathan Schleifer wrote:
Moritz Grimm [EMAIL PROTECTED] wrote:
This kind of paranoia adds nothing to security (~/.ssh and others that
need it are already set to restrictive permissions), and there is no
privacy from root no matter what. The rest is,
Jonathan Schleifer wrote:
This kind of paranoia adds nothing to security (~/.ssh and others that
need it are already set to restrictive permissions), and there is no
privacy from root no matter what. The rest is, again, personal
preference and/or something about local policies.
Ever heart of
On Thursday 28 July 2005 10:09 am, Moritz Grimm wrote:
And
there are also still numerous ways of breaking OpenBSD inspite of sane
defaults and exploit mitigation techniques in place.
Is there any way I can tell whether my system has been broken as you describe?
Dave Feustel wrote:
And
there are also still numerous ways of breaking OpenBSD inspite of sane
defaults and exploit mitigation techniques in place.
Is there any way I can tell whether my system has been broken as you describe?
This really depends ... I can't tell specifics. I mentioned this
On Thursday 28 July 2005 11:24 am, Moritz Grimm wrote:
Dave Feustel wrote:
And
there are also still numerous ways of breaking OpenBSD inspite of sane
defaults and exploit mitigation techniques in place.
Is there any way I can tell whether my system has been broken as you
describe?
Quoting Moritz Grimm [EMAIL PROTECTED]:
Ever heart of a multiuser system where one user shouldn't be able to
acces the files of another user? Not all users are thinking about this
issue and many forget to change the modes for confidential files. IMO,
But keeping confidential files on
On Thursday 28 July 2005 12:37 pm, Dave Feustel wrote:
On Thursday 28 July 2005 11:24 am, Moritz Grimm wrote:
Dave Feustel wrote:
And
[snip]
of this anecdote: A pal once had to deal with a probably-owned OpenBSD
box, because his clueless co-admin installed an outdated, vulnerable
MySQL
Hello!
On Thu, Jul 28, 2005 at 06:50:19PM +0200, [EMAIL PROTECTED] wrote:
Quoting Moritz Grimm [EMAIL PROTECTED]:
Ever heart of a multiuser system where one user shouldn't be able to
acces the files of another user? Not all users are thinking about this
issue and many forget to change the
Quoting Hannah Schroeter [EMAIL PROTECTED]:
Hello!
On Thu, Jul 28, 2005 at 06:50:19PM +0200, [EMAIL PROTECTED] wrote:
Quoting Moritz Grimm [EMAIL PROTECTED]:
Ever heart of a multiuser system where one user shouldn't be able to
acces the files of another user? Not all users are thinking
Timothy Donahue [EMAIL PROTECTED] wrote:
This is fairly easy to customize since the adduser command is just a
perl script. (Hint: I believe that line 1143 in 3.7 might be a good
place to start looking.)
I know, just wanted to say that changing it is not stupid. ;)
Moritz Grimm [EMAIL
[EMAIL PROTECTED] wrote:
Ever heart of a multiuser system where one user shouldn't be able to
acces the files of another user? Not all users are thinking about this
issue and many forget to change the modes for confidential files. IMO,
But keeping confidential files on true multiuser systems
Quoting Moritz Grimm [EMAIL PROTECTED]:
shell server. Who says that the admin is any more trustworthy than some
other, regular users?
They are not, but most of the time they give you confidential information
that you must use on that box that you use for stuff other users may
not
1) add the line
umask 077
to .profile
2)add the file .kshrc containing at least the line
set -o vi
Also modify adduser so that the home directory
permissions of new users are set to drwx--
instead of drwxr-xr-x
Quoting Dave Feustel [EMAIL PROTECTED]:
1) add the line
umask 077
to .profile
2)add the file .kshrc containing at least the line
set -o vi
Also modify adduser so that the home directory
permissions of new users are set to drwx--
instead of drwxr-xr-x
I agree with including a
On Wed, Jul 27, 2005 at 12:13:01PM -0500, Dave Feustel wrote:
| 1) add the line
| umask 077
| to .profile
This breaks certain ports (as I found out the hard way)
| 2)add the file .kshrc containing at least the line
| set -o vi
Better to export VISUAL=vi in your .profile if that's what you
On Wednesday 27 July 2005 04:23 pm, Paul de Weerd wrote:
On Wed, Jul 27, 2005 at 12:13:01PM -0500, Dave Feustel wrote:
| 1) add the line
| umask 077
| to .profile
This breaks certain ports (as I found out the hard way)
I was wondering about that. Which ports broke?
Thanks,
Dave
Dave Feustel wrote:
1) add the line
umask 077
to .profile
2)add the file .kshrc containing at least the line
set -o vi
Also modify adduser so that the home directory
permissions of new users are set to drwx--
instead of drwxr-xr-x
OpenBSD is a general purpose OS. There are
20 matches
Mail list logo