On Tue, 2014-01-07 at 12:08 -0800, King Beowulf wrote:
> In general, only root should have access to anything in /etc

snip

> On Tuesday, January 7, 2014, Rich Shepard wrote:
> >
> > In general, is it a good practice to set config files (such as
> > /etc/httpd/httpd.conf) to 444 once they are properly structured?
> >

In the context of SELinux (no pun intended), I disagree. To enable security with Role-based Access Control, configuration files in /etc/ should be owned by the service user, e.g. /etc/tomcat6/tomcat6.conf should be owned by user (and group) tomcat. (IMO Red Hat sets up ownership improperly, at least to enable full security features associated with SELinux). Otherwise, any crack of a Linux service can compromise the root account on that system.

Thanks,
Mike

_______________________________________________
PLUG mailing list
http://lists.pdxlinux.org/mailman/listinfo/plug
