Re: [Freeipa-users] deny read Access to passwd for external users

[Jakub Hrozek]

> On 17 Dec 2015, at 11:35, José Garcia  wrote:
> 
> Hi guys, merry christmas and happy new year.
> 
> I have a freeipa (4.1.0) server on a centos 7 machine and its working fine 
> even with active directory integration.
> 
> But I would like to know if is it possible to deny read access to certain  
> system configuration files and directories 
> within the server and on clients , such as /etc/passwd  for example.

Same as for any users - either with UNIX DAC file permissions or SELinux. There 
is really nothing special about IPA users with this respect.

btw The IPA users are not stored in /etc/passwd and in general the data in 
/etc/passwd is not sensitive.
> -- 
> Best Regards
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] deny read Access to passwd for external users

[José Garcia]

Hi guys, merry christmas and happy new year.

I have a freeipa (4.1.0) server on a centos 7 machine and its working
fine even with active directory integration.

But I would like to know if is it possible to deny read access to
certain  system configuration files and directories 
within the server and on clients , such as /etc/passwd  for example.
-- 
Best Regards
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project