On 2017-06-28 10:05 AM, Lennart Sorensen wrote:
> On Tue, Jun 27, 2017 at 07:53:02PM -0400, Kevin Cozens via talk wrote:
>> You may also want to "chmod 711 /etc", FWIW.
>
> How well does that work out? So regular users (and services not running
> as root) can't resolve dns anymore (can't read nsswitch.conf or
> resolv.conf). That sounds inconvenient.

It works out well. I've been doing it for years. It seems some people
somehow misread or misunderstood the chmod. I meant "chmod" and definitely
not "chmod -R" as I think some people chose to interpret it.

It will inconvenience someone needing to do something on the machine where
they have to look at some file in /etc. They will typically su to root
first or use sudo.

The main idea is that it limits some of the casual poking around on the
machine that some non-root, non-staff users of the machine may want to do.
It won't do much to slow down some system cracker who manages to illegally
gain access to a system.

BTW, I liked that comment about temporarily changing perms on /tmp just to
mess with the heads of some users. :)

--
Cheers!
Kevin.
http://www.ve3syb.ca/           | "Nerds make the shiny things that distract
Owner of Elecraft K2 #2172      |  the mouth-breathers, and that's why we're
                                |  powerful!"
#include <disclaimer/favourite> |              --Chris Hardwick
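
An added illustration, not part of the original message: the non-recursive `chmod 711` discussed in this thread changes only the directory's own mode bits. The Python sketch below builds a constructed stand-in for /etc in a temporary directory and reports, from mode bits alone, what "other" users can list and which files remain readable by name; the function names and sample files are assumptions.

```python
import os
import stat
import tempfile

def other_access(dir_path):
    """Report what a user who is neither owner nor in the group ("other")
    may do in dir_path, judged from the mode bits alone (no ACLs, no root)."""
    dmode = os.stat(dir_path).st_mode
    can_list = bool(dmode & stat.S_IROTH)      # r on a directory: read the names in it
    can_search = bool(dmode & stat.S_IXOTH)    # x on a directory: open entries by name
    readable = []
    for name in sorted(os.listdir(dir_path)):  # run as the owner, so listing succeeds
        fmode = os.stat(os.path.join(dir_path, name)).st_mode
        # A file is readable by name only if the directory is searchable
        # and the file itself grants read to "other".
        if can_search and stat.S_ISREG(fmode) and fmode & stat.S_IROTH:
            readable.append(name)
    return {"list": can_list, "search": can_search, "readable_by_name": readable}

def demo():
    """Build a constructed stand-in for /etc and apply the non-recursive 711."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.mkdir(etc)
        # Constructed sample files; the modes are typical values, chosen for the demo.
        for name, mode in (("resolv.conf", 0o644), ("nsswitch.conf", 0o644),
                           ("shadow", 0o640)):
            path = os.path.join(etc, name)
            with open(path, "w") as fh:
                fh.write("# constructed sample\n")
            os.chmod(path, mode)   # file modes are untouched by a non-recursive chmod
        os.chmod(etc, 0o755)
        before = other_access(etc)
        os.chmod(etc, 0o711)       # the change from the thread: directory only
        after = other_access(etc)
        return before, after

if __name__ == "__main__":
    before, after = demo()
    print("755:", before)
    print("711:", after)
```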