Subject: Re: /var vs. /etc (crontabs, etc): don't let users fill the root
To: Dave Burgess <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 03/16/1995 17:16:48
[ On Thu, March 16, 1995 at 12:37:01 (-0600), Dave Burgess wrote: ]
> Subject: Re: /var vs. /etc (crontabs, etc): don't let users fill the root
> On a related, although admittedly tangential note:
> I am going through my system trying to secure it from net attack. I
> have a couple of questions that someone here may be able answer better
> than I have:
> 1) Should the hard drives be group readable? The MAKEDEV script sets
> them up that way.
I think they need to be group readable if you want any non-root users to
be able to do dumps, read disk labels, etc.
> 2) The /etc/motd that gets built during bootup is set up mode 666. My
> book says 644. I am inclined to 644 myself. Any other thoughts?
644 or 664. IMNSHO, there shouldn't be anything on the root partition
that's world writable, and esp. not in /etc.
Ordinary users can use msgs(1) to tell the world their troubles should
you so configure it for them to do so.
> 3) /etc/security is world readable. Does that cause anyone concern?
Why should it?
> 4) /kern is group and world readable / executable. Do userland
> processes need to be able to read the contents of /kern?
I'd say so.... Take for instance /kern/loadavg. You could probably
take search permission away from the directory, but everything under
there is well documented regardless....
> 5) /var/spool/uucppublic is world writable. While this makes sense to
> me, my book says no. Ideas?
It depends entirely on what you use UUCP for, what concerns you have
about the partition /var/spool/uucppublic resides on, etc., etc.
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <firstname.lastname@example.org>; Secrets Of The Weird <email@example.com>