..now I'm dealing with it, i might as well do it all.. ;-)

I was looking at some files in the /etc dir. See some files:

-rw-r--r-- 1 root root   1323 Dec 21 14:43 smb.conf
-rw------- 1 root root    113 Aug  6  2000 smbpasswd
-rw-r--r-- 1 root root      2 Aug  6  2000 snmpd.agentinfo
-rw-r--r-- 1 root root   2018 Aug  6  2000 snmpd.conf
drwxr-xr-x 2 root root   4096 Oct 10 20:05 snort
-rw-r--r-- 1 root root   7004 Aug  6  2000 sockd.conf
-rw-r--r-- 1 root root   3079 Aug  6  2000 socks.conf
-rw-r--r-- 1 root root  65872 Dec 17 07:42 squid.conf
drwxr-xr-x 2 root root   4096 Oct 11 02:55 ssh
-rw------- 1 root root      0 Aug  6  2000 su1.cache
-r-------- 1 root root    980 Aug  6  2000 su1.priv
-rw-r----- 1 root root    294 Aug  6  2000 sudoers
-rw-r--r-- 1 root root   1012 Nov  3 20:23 syslog.conf
-rw-r--r-- 1 root root      6 Oct 27 20:33 syslog.conf.lock
-rw-r--r-- 1 root root 808940 Aug  6  2000 termcap
-rw-r--r-- 1 root root    258 Feb 20  1995 ttytype
drwxr-xr-x 2 uucp uucp   4096 Oct 10 19:47 uucp
-rw-r--r-- 1 root root   4352 Aug  6  2000 vimrc
-rw-r--r-- 1 root root  17369 Aug  6  2000 webalizer.conf
-rw-r--r-- 1 root root   3313 Aug  6  2000 wgetrc

My users don't need to read smb.conf or snmpd.agentinfo.... or almost any other file in here, as well as many other system-directories. Why is my passwd-file marked as rw-r--r-- ?? Shouldn't it be rw-r----- ? When an ordinary user logs in, he can just read my passwd-file, configurationfiles, almost everything is in the open. What can I do? I reckon:

cd /
chmod -R o-rw .

isn't going to help me here.

Is there a script that sets the correct filepermissions so that users cannot read files they have nothing to do with?

TIA, Rogier Maas
Hi,

On Sat, Dec 22, 2001 at 11:49:00AM +0100, Rogier Maas wrote:

> ..now I'm dealing with it, i might as well do it all.. ;-)
> I was looking at some files in the /etc dir. See some files:
> My users don't need to read smb.conf or snmpd.agentinfo.... or almost any other file in here, as well as many other system-directories. Why is my passwd-file marked as rw-r--r-- ?? Shouldn't it be rw-r----- ?

I'm not sure, but under which account does the login run? It may differ if you use graphical login or text login only.

> Is there a script that sets the correct filepermissions so that users cannot read files they have nothing to do with?

See the package harden_suse. It's in the sec section of YaST.

ciao sascha
-- Sascha Andres linux@programmers-world.com http://www.programmers-world.com
Rogier Maas wrote:

> ..now I'm dealing with it, i might as well do it all.. ;-)
> I was looking at some files in the /etc dir. See some files:
> [...]
> My users don't need to read smb.conf or snmpd.agentinfo.... or almost any other file in here, as well as many other system-directories. Why is my passwd-file marked as rw-r--r-- ?? Shouldn't it be rw-r----- ? When an ordinary user logs in, he can just read my passwd-file, configurationfiles, almost everything is in the open. What can I do? I reckon:

Hi Rogier,

you can enter file paths in /etc/permissions.local to change that. And run SuSEconfig afterwards.

/etc/passwd *must* be readable to users, the actual passwords reside in /etc/shadow (for just that reason).

SuSEconfig also runs from the cron daily script, thus /etc/permissions is called / reset. That is one reason why suddenly permissions are back to what they were before you changed them. Put all your changes to permissions.local.

Juergen

> cd /
> chmod -R o-rw .
>
> isn't going to help me here.
>
> Is there a script that sets the correct filepermissions so that users cannot read files they have nothing to do with?
>
> TIA, Rogier Maas
--
Juergen Braukmann juergen.braukmann@gmx.de
Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu
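
As an added example (not part of any message in this thread, and not SuSE's own tooling): a read-only shell script that lists world-readable files directly under a directory and prints candidate /etc/permissions.local lines to review before running SuSEconfig, as the reply above describes. The `path owner:group mode` line layout, the keep-list beyond /etc/passwd, and the function names are assumptions; compare them with the comments at the top of your own /etc/permissions.

```shell
#!/bin/sh
# Added example: print candidate permissions.local lines for world-readable
# files directly under a directory. Nothing is changed on disk.

# Files ordinary users and their programs must be able to read.
# /etc/passwd is the one named in the thread; the others are an assumed
# starting list to adjust for your system.
KEEP_READABLE="passwd group hosts resolv.conf nsswitch.conf services protocols termcap"

# is_kept NAME -> succeeds if NAME is on the keep-list
is_kept() {
    for k in $KEEP_READABLE; do
        [ "$1" = "$k" ] && return 0
    done
    return 1
}

# suggest_entries DIR -> one "path owner:group mode" line per candidate file
suggest_entries() {
    dir=$1
    # -perm -004: regular files whose "other" read bit is set
    find "$dir" -maxdepth 1 -type f -perm -004 | sort | while IFS= read -r f; do
        name=${f##*/}
        is_kept "$name" && continue
        # stat -c is GNU coreutils: %U owner, %G group, %a octal mode
        set -- $(stat -c '%U %G %a' "$f")
        owner=$1 group=$2 mode=$3
        # Clear the three "other" bits; user, group and special bits stay.
        new=$(printf '%o' $(( 0$mode & 07770 )))
        printf '%s %s:%s %s\n' "$f" "$owner" "$group" "$new"
    done
}

# Stand-alone use: sh audit-perms.sh /etc
if [ "$#" -ge 1 ]; then suggest_entries "$1"; fi
```

Files already restricted (such as smbpasswd and sudoers in the listing above) produce no output, and directories are skipped, so review those separately.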