> So I've opened perms up to 644 again, but this seems the wrong thing
> to do. I realise I was only gaining a minor layer of
> security-thru-obscurity, but every little helps - surely we don't
> want this file to be world-readable ?
>
> I note from inetd.conf that in.telnetd runs as uid.gid
> telnetd.telnetd, whereas hosts.allow has uid.gid root.root, which I
> guess is the cause of this.

correct

> Can I change this around a bit to achieve my goal - maybe make a new
> group called "foo" (say) and give that gid to in.telnetd and
> hosts.allow ... ?

Obscuring your libwrap/tcpd configuration from your local users, at the
expense of allowing services to run as separate, non-privileged users
is a bad idea. Privilege separation provides a very tangible benefit,
obfuscated config files do not.

--
Jamie Heilman http://audible.transient.net/~jamie/
"It's almost impossible to overestimate the unimportance of most things."
-John Logue
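The failure discussed in this thread, as an added example that is not part of the original message: it parses the run-as field of inetd.conf entries and reports which services could no longer read hosts.allow at a given mode. The sample inetd.conf text, the function names and the `default_groups` mapping are constructed for illustration.

```python
import stat

# Constructed sample in the inetd.conf layout:
# service socket proto flags user[.group] server_path args
INETD_CONF = """\
# <service> <sock> <proto> <flags> <user> <server_path> <args>
telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp    stream tcp nowait root            /usr/sbin/tcpd /usr/sbin/in.ftpd
"""

def service_identities(conf_text):
    """Yield (service, user, group) for each active inetd.conf entry."""
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        # The user field may be "user", "user.group" or "user:group".
        user, _, group = fields[4].replace(":", ".").partition(".")
        yield fields[0], user, group or None

def can_read(mode, owner, group, user, groups):
    """Unix owner/group/other read check; root bypasses it."""
    if user == "root":
        return True
    if user == owner:
        return bool(mode & stat.S_IRUSR)
    if group in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def audit(conf_text, mode, owner="root", group="root", default_groups=None):
    """Return the services whose run-as identity cannot read the file.

    Simplification (assumption): only the group named in inetd.conf is
    considered; if none is named, default_groups[user] is used instead.
    """
    default_groups = default_groups or {}
    broken = []
    for svc, user, grp in service_identities(conf_text):
        groups = {grp} if grp else set(default_groups.get(user, ()))
        if not can_read(mode, owner, group, user, groups):
            broken.append(svc)
    return broken

if __name__ == "__main__":
    for mode in (0o644, 0o640):
        print(oct(mode), "unreadable for:", audit(INETD_CONF, mode))
```

With hosts.allow owned by root.root, mode 640 locks out the telnet entry while 644 does not, which matches the behaviour reported in the quoted message.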

