|
securing /etc/profile and /etc/bashrc
Changing umask value for files and directories take effect after reload:
/etc/profile /etc/bashrc default permission for all users: -rw-r--r-- above permission is edited to: -rw-rw-r-- If a specific user in group having only read permission to a file/directory is created before reload,and Linux server reloads, that user gets rw permission to that file/directory. what is the alternative of securing: /etc/profile /etc/bashrc apart from giving the two files access to root user only, and locking out all other users? |
secure?
Not sure the point of the question. Default ownership of those files should be root:root and permissions 644 (rw-r--r--) giving only root write access. If you open the group, it would make no difference UNLESS you add some other account to the root group. (or change a combination of things).
If you want these files more secure: they are already secure as normal ACL controls allow and still function. |
Thanks
Default ownership of file is root and only root has write privileges. Different user I used to login earlier was in root group. Other users created cannot access the files |
Quote:
If you NEED to give some outer users SOME!!! root control, that is what "SUDO" is for . if you are really paranoid use a OS that uses SELinux RHEL,CentOS,Fedora ( suse ? it can but a custom build ) be aware if the ownership and se context of "bashrc" & "profile" are wrong or edited so that a NON root user can edit it SELinux will STOP!!!! the boot with a WARNING!!!! |
| All times are GMT -5. The time now is 02:15 PM. |