Managing user accounts

ggaaron · Apprentice Joined: 10 May 2007 Posts: 217

I'd like to limit user's access to system files - hide from them this what they don't need to see. I cannot deny them access to everything because they will not be able to run programs. I'm afraid of destroying my system, so I ask for help here, for which folders I can deny read from users, and how to do this, so system users like portage or distcc would work as they should?

Thanks in advance
Aaron

likewhoa · Posted: Wed Sep 05, 2007 2:59 pm Post subject:

consider a hardened kernel using any of the following pax,grp,selinux or more.

ggaaron · Apprentice Joined: 10 May 2007 Posts: 217

Actually I don't think I need hardened gentoo, the control system which is already there should be sufficient if I knew how to use it not destroying my system=)

Rob1n · Posted: Wed Sep 05, 2007 3:58 pm Post subject:

What are you trying to hide from them? Things are usually set up by default to restrict access for regular users to directories/files they shouldn't see. Beyond that it gets tricky - you can't disable acces to most of the config files as applications often run under user accounts. You can probably change /etc/init.d, /etc/runlevels, /etc/conf.d to disable world read access (since these should only be accessed by root).

ggaaron · Apprentice Joined: 10 May 2007 Posts: 217

I know about config files=/
I'd like to be safe, and even when I make a mistake by a command like chmod 0755 file to make it executable, so users won't feast on such a mistake. I know that I shouldn't make such mistakes, but it happens. And after it is hard to find such file.

And that is why I posted it there, I don't know if it is even possible to make such a thing, and not make user's accounts useless.