Prabhu Gurumurthy wrote:
Heinrich Rebehn wrote:
Hi list,
I am getting a daily insecurity report from my system saying:
##########################################################
Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
etc/pf.conf:
type (file, link)
permissions (0600, 0755)
##########################################################
I am actually using a symbolic link for /etc/pf.conf:
ls -l /etc/pf.conf*
lrwxr-xr-x 1 root wheel 11 Nov 30 17:04 /etc/pf.conf -> pf.conf.001
-rw------- 1 root wheel 10529 Nov 14 10:18 /etc/pf.conf.000
-rw------- 1 root wheel 10582 Nov 30 18:12 /etc/pf.conf.001
I do this in order to save different versions of the file.
My question: Is a symbolic link really insecure? Or is this just a
deficiency of /etc/security?
I could use hard links instead of soft links as a workaround, but then
one cannot as easily see where the link points to.
Sorry if this might sound like nitpicking, but I do not want to get
used to ignoring security warnings.
Thanks for any help,
Heinrich Rebehn
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -
Phone : +49/421/218-4664
Fax : -3341
Two things, use rcs.. that saves you headaches, instead of multiple
versions of file, use one file, with multiple diffs.. Other the email is
really about the sym link as others pointed out. If you use RCS you can
have the versioning system in place as you already have it, although in
a scalable way IMO, and no /etc/security email about "shouldbe, reallyis"
HTH
Prabhu
-
Thanks for mentioning rcs. I have given it a try and it seems to be what
I was looking for. I had heard about rcs before and thought that it
would be overkill for managing config files, but I obviously mixed it up
with cvs(1).
--Heinrich
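
An added illustration, not part of the thread and not the /etc/security script itself: a Python sketch of a type-and-mode check that inspects the directory entry without following symlinks, which is the behaviour the report above suggests (an assumption). The function names and the temporary pf.conf layout are constructed for the example; the mode reported for the link itself depends on the operating system.

```python
import os
import stat
import tempfile

# File-type names in the style of the report (subset sufficient for this demo).
TYPE_NAMES = [(stat.S_ISLNK, "link"), (stat.S_ISREG, "file"), (stat.S_ISDIR, "dir")]

def describe(path, follow):
    """Return (type, octal mode) of the entry itself, or of its target if follow."""
    st = os.stat(path) if follow else os.lstat(path)
    kind = next((name for test, name in TYPE_NAMES if test(st.st_mode)), "other")
    return kind, "%04o" % stat.S_IMODE(st.st_mode)

def check(path, want_type, want_mode, follow=False):
    """Return a list of (criteria, shouldbe, reallyis) mismatches."""
    kind, mode = describe(path, follow)
    findings = []
    if kind != want_type:
        findings.append(("type", want_type, kind))
    if mode != want_mode:
        findings.append(("permissions", want_mode, mode))
    return findings

def build_demo(directory):
    """Constructed layout mirroring the post: pf.conf -> pf.conf.001 (mode 0600)."""
    target = os.path.join(directory, "pf.conf.001")
    with open(target, "w") as fh:
        fh.write("# constructed sample ruleset\n")
    os.chmod(target, 0o600)
    link = os.path.join(directory, "pf.conf")
    os.symlink("pf.conf.001", link)  # relative link, as in the ls output
    return link

def report(name, findings):
    """Format findings like the quoted report: name, then one criteria per line."""
    return "\n".join([name + ":"] + ["\t%s (%s, %s)" % f for f in findings])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        link = build_demo(d)
        # Checking the entry itself flags both type and permissions.
        print(report("pf.conf", check(link, "file", "0600")))
        # Checking the link target finds nothing wrong: it is a 0600 regular file.
        print("following the link:", check(link, "file", "0600", follow=True))
```

The two findings come from the link entry, not from the ruleset file it points to, which stays a regular file with mode 0600.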