RE: SSH accounts - basic restriction

2007-02-06 Thread Jarek Buczyński
> My advice? Go ahead and restrict permissions under /etc if you insist, but don't be surprised to find stuff suddenly failing to work!
OK. Thank you, Dave, for the advice... I remove world access apache, bind and some other files, catalogs... It looks like it works normally and users don't have access.

RE: SSH accounts - basic restriction

2007-02-06 Thread Jarek Buczyński
> Apache2: Apache2 starts up as root, and then changes to the user and group specified in the config files (default is www-data:www-data). So, if you change the group owner of apache2 to www-data (and all the files therein), and remove world access (chmod o-rwx), apache should still work.

Re: SSH accounts - basic restriction

2007-02-06 Thread Dave Ewart
On Tuesday, 06.02.2007 at 11:20 -0800, Kevin Ross wrote:
> Ssh: ssh runs as root, removing world access is probably fine.
Although don't forget that /etc/ssh includes ssh_config, which is a default *client* host-wide configuration file, which might is used by all local ssh client invocations. I

RE: SSH accounts - basic restriction

2007-02-06 Thread Kevin Ross
> > Files in /etc are designed to be readable to all processes, including user processes. For example, /etc/resolv.conf for looking up hosts, /etc/passwd for user details and so on. Anything which explicitly needs to be hidden from normal users can have appropriate permissions s

RE: SSH accounts - basic restriction

2007-02-06 Thread Jarek Buczyński
> Files in /etc are designed to be readable to all processes, including user processes. For example, /etc/resolv.conf for looking up hosts, /etc/passwd for user details and so on. Anything which explicitly needs to be hidden from normal users can have appropriate permissions set, e.g. /e

Re: SSH accounts - basic restriction

2007-02-06 Thread Dave Ewart
On Tuesday, 06.02.2007 at 12:45 +0100, Jarek Buczyński wrote:
> > You can change the permissions for home directories so that users cannot see each others; you can also change the permissions for /root so that it is invisible to non-root users (chmod 700 ...)
>
> OK. I've done this. But a

Re: SSH accounts - basic restriction

2007-02-06 Thread Roberto C. Sanchez
On Tue, Feb 06, 2007 at 12:45:57PM +0100, Jarek Buczyński wrote:
> I'd like my users don't access to some file for example /etc/*, they shouldn't see apache, bind, ftp etc config file. I think it's good practice, probably :)
Have you looked at rssh? It restricts the user to a chroot that

RE: SSH accounts - basic restriction

2007-02-06 Thread Jarek Buczyński
Hello
> You can change the permissions for home directories so that users cannot see each others; you can also change the permissions for /root so that it is invisible to non-root users (chmod 700 ...)
OK. I've done this. But at /root/ catalog I have some scripts, these scripts have symbolic l

Re: SSH accounts - basic restriction

2007-02-06 Thread Dave Ewart
On Tuesday, 06.02.2007 at 11:08 +0100, Jarek Buczyński wrote:
> How restrict default policy in debian: users (who have ssh account) can read files in /etc, /root, /home/other_users etc.
>
> I'd like change this, simultaneously don't cause conflicts with other working daemon
You can change t