Xref: utzoo comp.unix.sysv386:431 comp.unix.admin:137 Path: utzoo!attcan!uunet!ncrlnk!ncrwic!srwic!sralston From: sralston@srwic.UUCP (Steve Ralston) Newsgroups: comp.unix.sysv386,comp.unix.admin Subject: Re: Protecting against downloads Message-ID: <188@srwic.UUCP> Date: 14 Sep 90 12:00:29 GMT References: <22@tdw205.ed.ray.com> <3952@quiche.cs.mcgill.ca> Followup-To: comp.unix.admin Organization: Steve Ralston Wichita, KS Lines: 25 In article <3952@quiche.cs.mcgill.ca> mikey@quiche.cs.mcgill.ca (Michael GALLOP) writes: >Exactly, what you can do is: >chmod 711 /usr/bin/* >Which produces (I think :-)) rwx--x--x on every file in /usr/bin I would NOT recommend that anyone execute the above command on their **IX system. Reason: You will break most every program that relies on SETUID and/or SETGID permissions. Unless you KNOW (or have recorded) the default permissions [anywhere on your system], running that kind of chmod command could cost you much effort to undo. Much better would be: chmod o-r /usr/bin/* # revoke read permission from "others" # (other than user (owner) or group) but then, hardly any of the programs in /usr/bin should have "other read" perms set by DEFAULT anyway; unless you're running a fairly non-secure system. -- Steve Ralston sralston@srwic.UUCP 235 N Zelta voice: 316-686-2019 Wichita, KS 67206 ..!uunet!ncrlnk!ncrwic!srwic!sralston