On Tue, May 5, 2020 at 6:45 PM Zer0Cool <[email protected]> wrote: > For the directories/files, what are your thoughts on the file permissions? > > I was thinking 0750 in cases the owner needs write, maybe 0550 when write > is > not needed? > > Not really set on what approach to take here in setting this. I will play > around with it a bit once I get to the point the script actually stands > everything up in a functional way, but still nice to bounce ideas off > others. > > > My model is "least privilege", so I'd say the minimum required to allow the software to function properly. The reality is that, after you get things set and installed, you generally don't need to modify much in the /etc/guacamole directory, and certainly not in the binary directories, so it's probably best/safest to remove write access from all users. But, that may be a little more on the paranoid side.
-Nick
