ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
Posted: Wed Sep 05, 2007 2:38 pm Post subject: Managing user accounts
I'd like to limit users' access to system files - hide from them what they don't need to see. I cannot deny them access to everything because they will not be able to run programs. I'm afraid of destroying my system, so I ask for help here: for which folders can I deny read access to users, and how do I do this so that system users like portage or distcc would work as they should?
Thanks in advance
Aaron

likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
Posted: Wed Sep 05, 2007 2:59 pm
Consider a hardened kernel using any of the following: pax, grp, selinux or more.

ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
Posted: Wed Sep 05, 2007 3:50 pm
Actually I don't think I need hardened Gentoo; the control system which is already there should be sufficient if I knew how to use it without destroying my system =)

Rob1n l33t
Joined: 29 Nov 2003 Posts: 714 Location: Cambridge, UK
Posted: Wed Sep 05, 2007 3:58 pm
What are you trying to hide from them? Things are usually set up by default to restrict access for regular users to directories/files they shouldn't see. Beyond that it gets tricky - you can't disable access to most of the config files as applications often run under user accounts. You can probably change /etc/init.d, /etc/runlevels, /etc/conf.d to disable world read access (since these should only be accessed by root).

ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
Posted: Wed Sep 05, 2007 4:06 pm
I know about config files =/
I'd like to be safe, so that even when I make a mistake with a command like chmod 0755 file to make it executable, users won't feast on such a mistake. I know that I shouldn't make such mistakes, but it happens. And afterwards it is hard to find such a file.
And that is why I posted it there; I don't know if it is even possible to make such a thing and not make users' accounts useless.
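
Added example, not part of any post in this thread: a shell sketch of the two checks discussed above, namely removing world access from the root-only directories Rob1n names, and finding files that were recently opened up by a mistaken chmod. The function names are constructed for this illustration; only POSIX `find` and `chmod` are assumed.

```shell
#!/bin/sh
# Added example. Function names are constructed for this illustration.

# Print every entry under the given directories that grants read, write or
# execute to "other". Symlinks are skipped because their own mode bits are
# not used for access checks.
list_world_access() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Same check, limited to entries whose inode changed in the last N days.
# chmod updates ctime, so this narrows the search to recent permission
# changes such as an accidental "chmod 0755 file".
list_recent_world_access() {
    days=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" ! -type l -ctime "-$days" \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Drop all "other" permissions below the given directories. Run as root.
remove_world_access() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        chmod -R o-rwx "$dir"
    done
}

# Typical use, as root, on the directories named in the thread:
#   list_world_access /etc/init.d /etc/runlevels /etc/conf.d
#   remove_world_access /etc/init.d /etc/runlevels /etc/conf.d
#   list_recent_world_access 1 DIR    # DIR is a placeholder
```

ctime also changes on writes and ownership changes, so the recent list can include files whose mode was not touched; treat it as a shortlist to review.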