Subject: Re: permissions & rc.conf
To: Jan Danielsson <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 08/23/2005 13:31:17
In message <430B28B5.firstname.lastname@example.org>, Jan Danielsson writes:
> On a more security related note: Why is it that most files in /etc
>are readable by everyone by default? Files like rc.conf are only of
>interrest to init/root, right? If so, why aren't they more restricted by
Why shouldn't they be readable by default? What is the threat you're
trying to defend against?
Make something read-protected if there's a problem, either because the
data is inherently secret (i.e., keying material) or because you're
trying to conceal something about local security policy that isn't
readily discernible by other means. Very little, if anything, in
rc.conf fits that description.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb