[PLUG] Permissions on config files
MJang
mike at linuxexam.com
Wed Jan 8 02:34:55 UTC 2014
On Tue, 2014-01-07 at 12:08 -0800, King Beowulf wrote:
> In general, only root should have access to anything in /etc
snip
> On Tuesday, January 7, 2014, Rich Shepard wrote:
>
> > In general, is it a good practice to set config files (such as
> > /etc/httpd/httpd.conf) to 444 once they are properly structured?
> >
In the context of SELinux (no pun intended), I disagree. To enable
security with Role-based Access Control, configuration files in /etc/
should be owned by the service user, e.g. /etc/tomcat6/tomcat6.conf
should be owned by user (and group) tomcat.
(IMO Red Hat sets up ownership improperly, at least to enable full
security features associated with SELinux).
Otherwise, any crack of a Linux service can compromise the root account
on that system.
Thanks,
Mike