Quoting Bob ([EMAIL PROTECTED]): > I have three debian based boxes running (two Corel and one potato.) On all > three machines, the default install is to allow everyone on the system to view > every directory, including each other's home directories. This is true when > using telnet or ftp as well. I really have no need to read my son's > directories nor he mine.
That's an internal policy issue which you really have to decide for yourself. Individual user groups is a similar issue. > I have two questions (for now): What is the permissions setting for the home > directories. I suspect it should be something like rwx------ or rwxrwx--- if > the group is unique to the specific username. Is this correct? Is one > preferable to the other? Debian has IIRC vacillated between rwxr-s--- and rwxr-x---. Group-writable is just plain wrong. It's either not required (user groups) or it's a security hole (real groups). > to identify specific machines in this file, such as hounddog.foobar.com? Only in your own trusted domain, where you have control. Otherwise evil.foobar.com just changes its name to hounddog.foobar.com in order to connect to your machine. Cheers, -- Email: [EMAIL PROTECTED] Tel: +44 1908 653 739 Fax: +44 1908 655 151 Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA Disclaimer: These addresses are only for reaching me, and do not signify official stationery. Views expressed here are either my own or plagiarised.
