As dave said I think that this will break stuff - but I also remember
there is a way to get the passwd file used (served) by the ftp
daemon to be a dummy passwd file with just your ftp user(s) in there,
rather than your real users...
not a massive problem because the passwords are stored in the shadow
file - but it is a problem if you have lusers on your system choosing
weak passwords...
I can't remember where I read about the dummy passwd file for ftp
though - I solved our ftpd vulnerabilities a year or two back by
using:
rpm --erase
on whatever package wuftpd is in - see - it's been so long I don't
even remember that! ;)
- dan.
At 12:25 PM -0400 18/9/00, Scott wrote:
>Dan,
>
>
>Couldn't he just chmod /etc/passwd to 600? Thus disallowing viewing of this
>file. What are the problems that may arise from this change?
>
--
Nitro - 3D Visualisation, Graphics & Animation
Ph (+61 2) 9810 5177 - Fx (+61 2) 9810 0199
http://www.nitro.com.au/
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
