passwords in configuration files (right way to protect them ?)
 

Hi,

I've been setting up my /etc/profile file with the correct parameters that our proxyserver needs.

This includes identification via username and password on the proxyserver.

If I look at the default file permissions... everyone has read permission on the /etc/profile file.
This means the password I've entered is visible to everyone if I don't do anything to "fix" this...

Are there certain options to protect these types of configuration files other than just changing the permissions ?

Also, can changing permissions to keep configuration files from being read by "unauthorized" users conflict with the normal way things should work or IS changing the permissions in general the right way to keep those passwords or other sensitive information inaccessible to most users ?

Thanks

hi, svu.

Try to create ~/.bash_profile and put the data there. I haven't tried but I'm sure that you can chmod this file for being read only by you and everything will work well.
http://tldp.org/LDP/Bash-Beginners-G...ect_03_01.html section 3.1.2.

Thanks, but I seem to prefer the system wide settings via /etc/profile ...
I'm still wondering if it's good practice to chmod the files with sensitive content in them so only the owner (root in this case) can read it.