Re: file permission question
/etc/passwd (probably really /etc/pwd.db) is used by several user-land programs, including 'ls'. It's highly recommended that /etc/passwd stay readable to the world.

Btw, the output of 'ps' can be easily reconstructed via access to the /proc filesystem. You can unmount this partition, but ps will operate differently. With /proc unmounted, you can still get a process listing for everyone - you can disable this by setting the sysctl kern.ps_showallprocs to 0.

On Mon, 1 Oct 2001, default wrote:

> Hi,
>
> I am allowing a couple of ppl to have a shell account on one of my machines, and I am making a few changes to disallow them from using certain things... like chmoding the 'ps' command to 550 etc...
>
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640 the passwd file and other similar files?
> ...
> Thanks,
> Jordan

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-security in the body of the message

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: file permission question
On Mon, 1 Oct 2001, default wrote:

> Hi,
>
> I am allowing a couple of ppl to have a shell account on one of my machines, and I am making a few changes to disallow them from using certain things... like chmoding the 'ps' command to 550 etc...
>
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640 the passwd file and other similar files?
> ...

the base system is relatively secure on its own. changing the permissions on things like the passwd file breaks some programs that need it to read user information. since the encrypted passwords are in /etc/master.passwd, (which is permission 0600) you don't really need to change that.

honestly, changing permissions of 'standard' applications and utilities is not going to stop a determined user on your server from abusing resources. since having any users, other than yourself, on a machine is technically a security risk. your best bet is to meticulously comb through your installed files, and only allow trusted users on your machines.

---/ f. johan beisser /--+
http://caustic.org/~jan [EMAIL PROTECTED]
if my thought-dreams could be seen..
they'd probably put my head in a guillotine -- Bob Dylan
Re: File permission question
From: Kevin D. Kinsey, DaleCo, S.P. [EMAIL PROTECTED]

> How Can ThisBe wrote:
>
>> My question is, when I make a new file or directory in ~/public_html (with chown tigger:www), the file is made with the following permission:
>>
>> -rw-r--r-- 1 tigger www 0 Nov 15 13:42 public_html/test1.php
>>
>> How can I make new files without the world readable flag set, within the public_html directory?
>
> Change your umask.

But I only want the creation of new files and directories in the ~/public_html folder to inherit these permissions. Everything else should stay the same. I guess if this is the only solution it would do, but, I was hoping for a per-directory setting.
Re: File permission question
How Can ThisBe wrote:

> Hi,
>
> I've just noticed a small issue, which I'm sure others are aware of. For apache to serve users' webpages, apache needs to be able to read files and directories. So we have something like the following (by default) on FreeBSD;
>
> [EMAIL PROTECTED]:~% ls -Al ./ public_html/index.php | grep pub
> -rw-r--r-- 1 tigger tigger 16 Mar 24 2002 public_html/index.php
> drwxr-xr-x 12 tigger tigger 512 Aug 14 02:04 public_html/
>
> However, the following set-up is a little more secure (users can not read other users' includes files for a start) and works fine;
>
> [EMAIL PROTECTED]:~% ls -Al ./ public_html/index.php | grep pub
> -rw-r- 1 tigger www 16 Mar 24 2002 public_html/index.php
> drwxr-x--- 12 tigger www 512 Aug 14 02:04 public_html/
>
> My question is, when I make a new file or directory in ~/public_html (with chown tigger:www), the file is made with the following permission:
>
> -rw-r--r-- 1 tigger www 0 Nov 15 13:42 public_html/test1.php
>
> How can I make new files without the world readable flag set, within the public_html directory?

Change your umask.
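
Added example, not part of the original posts: the umask is a per-process setting rather than a per-directory one, which is why the "Change your umask" answer affects every file the shell creates. This sketch goes slightly beyond the thread by scoping the umask to a subshell so only selected commands are affected, and adds an audit check for world-readable files. The function names and the temporary directory standing in for ~/public_html are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). All names here are hypothetical.

# Run a command with a temporary umask. The parentheses start a subshell,
# so the caller's own umask is unchanged afterwards.
run_with_umask() {
    mask=$1; shift
    ( umask "$mask" && "$@" )
}

# Print the permission string of a path, e.g. "-rw-r-----".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Audit check: list everything under a directory that "other" can read.
world_readable() {
    find "$1" -perm -004 -print
}

demo() {
    web=$(mktemp -d) || return 1        # stands in for ~/public_html
    umask 022                           # the default that gives -rw-r--r--
    touch "$web/default.php"
    run_with_umask 027 touch "$web/private.php"
    run_with_umask 027 mkdir "$web/includes"
    touch "$web/after.php"              # caller's umask is still 022
    for f in default.php private.php includes after.php; do
        printf '%s %s\n' "$(mode_of "$web/$f")" "$f"
    done
    echo "world-readable entries:"
    world_readable "$web"
    rm -rf "$web"
}

demo
```

Only commands started through run_with_umask get the tighter mode; files written by other programs still follow those programs' own umask.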