On Wed, Jul 09, 2003 at 12:06:33PM -0300, Fryclau wrote: > > I'am the the root user to applying the chmod... > The system works fine, but I don't like to leave the security access of > each file in the disk with R-X to other users.. > > When some user login without privileges he could do something like this: > > Cat /etc/hosts > > And it works find !!!! > > I don't think this is good to my security. > > All files come like this -rw-r--r-- and I would like to change it to > something like this -rw-r-----
You're right - there is a security hole there. For example, I don't think it's a good idea that the password file is world readable since it gives information out that you may not want to share. However, there is a strong history as to what the file permissions are, and MANY applications rely on them. If you change the permissions, you WILL break something. You may not notice it now, but eventually you'll be grumbling about why some new application won't work. You may notice it now - in fact, the first non-root user that tries to sign on may be in for a nasty surprise. I certainly would not do this on a production system without extensive testing first. I would strongly expect that vendors would not leave things any more open than they need to be for core system files. In other words, they probably know more than you do and have set the permissions that way for a good reason. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Gordon Messmer > Sent: Wednesday, July 09, 2003 1:16 AM > To: [EMAIL PROTECTED] > Subject: Re: Read & Exec by default - RH9 - why? > > Fryclau wrote: > > > > Anybody know why redhat 9 set by default reading and execution access > to > > other users??? > > What, the system directories? ...because the shell has to be able to > read the directories in order to search the PATH, and the user has to be > > able to "x" a directory in order to read or execute files inside of it. > > > Is it right applying this? > > > > cd / > > chmod o-r -R * > > Absolutely, positively, no. Only the root user would be able to do > anything. Most of your daemons wouldn't even work any more. > > > Does anyone know why should I leave my filesystem like this? > > Because it works? -- Ed Wilts, Mounds View, MN, USA mailto:[EMAIL PROTECTED] Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
