Securing base system file permissions.

[RecoilUK]

Hi guys

I have a gentoo system that I have just installed, I was going to try and create a chroot enviroment for users, but it seems like its to much hassle and in some circumstances cant be done, so I have decided to keep it as it is.

I,m am however a little worried about the default file permissions on the system.

Is it safe and recommended to do the following ? ....

chmod o-rwx /*

Will it break anything?

How can I also stop users from reading files that arent in there home directory?

Can I do the following safelt and will it break anything? ...

chmod g-rw /*

Thanks guys
_________________
RecoilUK

[imp]

Yes, it will break almost everything for users not in the root group. You must keep atleast r on the files, and rx on the dirs for other.

Take a look yourself: ls -l /usr, for example. Who owns those dirs and files beneath?
_________________
blog :: bookmarks

[RecoilUK]

Hi thanks for the reply.

Besides the root user, there will be one other user whose sole purpose is to su.

Then a few other users who will only be running a game server, the files needed for each game server will be located in there home dir.

Besides that, I,m running shorewall and sshd.

Thats everything the machine will be doing.

Surely everything in /bin should only be run as root, cant I chmod go-rwx that?

Thanks
_________________
RecoilUK