Hi, On Thu, 3 Aug 2000 mgribov@kplab.com wrote:
as one of security meausures, I learned that it is a good idea to do chmod 550 /proc/sys and chmod 550 /proc/net. First question I have, is this true? It seems right, because ordinary users cannot view network or system information, which is not a bad thing. Second question is, I implemented the above, but after a reboot permisions were back to standard ( I believe 555). How come?
The /proc filesystem is not a normal directory on your hard disk, it is just "mapped" into the directory structure. It is a very dynamic structure - I am surprised you can even chmod something inside there :) If you want to chmod this file every time you reboot, you should add the chmod command to the init script /sbin/init.d/boot.local. However, I am not sure about the benefit... Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany Poker Face: The face that launched a thousand chips.