I'm setting up a Debian box with shared webhosts.
These users don't have ssh permissions, just ftp.
The users are allowed to use PHP and I set up suphp
for that so the PHP processes run under their own user account, etc.
I'm a little bit worried about the security of the system files, especially the /etc
folder. I notice that most files in this directory have permissions like:
drwxr-xr-x 2 root root 4096 Mar 4 20:00 pam.d
-rw-r--r-- 1 root root 1358 Mar 5 00:48 passwd
-rw------- 1 root root 1358 Mar 5 00:48 passwd-
drwxr-xr-x 2 root root 4096 Feb 18 14:22 pear
drwxr-xr-x 4 root root 4096 Apr 29 2010 perl
drwxr-xr-x 6 root root 4096 Feb 18 14:22 php5
drwxr-xr-x 2 root root 4096 Mar 4 17:42 phpmyadmin
Are the world-read permissions which the Debian default gives the files in /etc
really needed? What's the best mask I can give those files? Are there any files in /etc
that should be world readable?
Best Answer
The default permissions are fine, and needed. If you e.g. didn't leave passwd world readable, a lot of user-related functionality would stop working. Files such as /etc/shadow shouldn't be (and aren't) world readable.
Trust the OS to get this right, unless you know very well that the OS is wrong.
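One way to verify the point made in the answer instead of tightening /etc by hand, as an added example that is not part of the original question or answer: a small audit function that flags only the deviations that matter. The file names shadow-, gshadow, gshadow- and group are assumptions beyond the page (standard Debian account files), and the function name audit_etc is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit an /etc-style tree.
# Usage: audit_etc [DIR]      DIR defaults to /etc
# Output: one finding per line as "TAG path"; no output means nothing to fix.

audit_etc() {
    dir=${1:-/etc}

    # 1. Nothing under /etc should be writable by "other". Symlinks are
    #    skipped because their own mode bits carry no meaning.
    find "$dir" ! -type l -perm -0002 -print 2>/dev/null |
        sed 's/^/WORLD-WRITABLE /'

    # 2. Files holding password hashes must not be readable by "other".
    #    (shadow is named on the page; the other three are assumed names.)
    for name in shadow shadow- gshadow gshadow-; do
        f=$dir/$name
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -perm -0004 2>/dev/null)" ]; then
            printf 'SECRET-WORLD-READABLE %s\n' "$f"
        fi
    done

    # 3. passwd (and group, assumed) must stay world-readable, otherwise
    #    uid/gid-to-name lookups fail for unprivileged processes such as
    #    the per-user suPHP workers.
    for name in passwd group; do
        f=$dir/$name
        [ -f "$f" ] || continue
        if [ -z "$(find "$f" -perm -0004 2>/dev/null)" ]; then
            printf 'NEEDS-WORLD-READ %s\n' "$f"
        fi
    done
}

# Typical call on the live system (run as root so every directory is visible):
#   audit_etc /etc
```

On a stock Debian install this should print nothing, which is the answer's point: the defaults already separate what must be public from what must be secret.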