On Mon, 1 Oct 2001, default wrote:

> Hi,
> 
> I am allowing a couple of ppl to have a shell account on one of my machines,
> and I am making a few changes to disallow them from using certain things...
> like chmoding the 'ps' command to 550 etc...
> 
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640
> the passwd file and other similar files? ...

the base system is relativly secure on it's own. changing the permissions
on things like the passwd file breaks some programs that need it to read
user information. since the encrypted passwords are in /etc/master.passwd,
(which is permission 0600) you don't really need to change that.

honestly, changing permissions of 'standard' applications and utilities is
not going to stop a determined user on your server from abusing
resources. since having any users, other than yourself, on a machine is
technically a security risk.

your best bet is to meticuously comb through your installed files, and
only allow trusted users on your machines.


 -------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      [EMAIL PROTECTED]
   "if my thought-dreams could be seen..
       "they'd probably put my head in a gillotine"
             -- Bob Dylan


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-security" in the body of the message

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to