Protecting against downloads
Steve Ralston
sralston at srwic.UUCP
Fri Sep 14 22:00:29 AEST 1990
In article <3952 at quiche.cs.mcgill.ca>
mikey at quiche.cs.mcgill.ca (Michael GALLOP) writes:
>Exactly, what you can do is:
>chmod 711 /usr/bin/*
>Which produces (I think :-)) rwx--x--x on every file in /usr/bin
I would NOT recommend that anyone execute the above command on their **IX
system. Reason: You will break most every program that relies on SETUID
and/or SETGID permissions. Unless you KNOW (or have recorded) the default
permissions [anywhere on your system], running that kind of chmod command
could cost you much effort to undo.
Much better would be:
chmod o-r /usr/bin/* # revoke read permission from "others"
# (other than user (owner) or group)
but then, hardly any of the programs in /usr/bin should have "other read"
perms set by DEFAULT anyway; unless you're running a fairly non-secure
system.
--
Steve Ralston sralston at srwic.UUCP
235 N Zelta voice: 316-686-2019
Wichita, KS 67206 ..!uunet!ncrlnk!ncrwic!srwic!sralston
More information about the Comp.unix.admin
mailing list