Path: utzoo!utgpu!watmath!uunet!lll-winken!csd4.milw.wisc.edu!srcsip!nic.MR.NET!shamash!sialis!rjg
From: rjg@sialis.mn.org (Robert J. Granvin)
Newsgroups: unix-pc.general
Subject: Re: which unix-pc files MUST be writeable by others?
Message-ID: <1433@sialis.mn.org>
Date: 6 May 89 00:53:14 GMT
References: <587@cbnewsc.ATT.COM> <17736@cup.portal.com> <672@cbnewsc.ATT.COM> <1399@lokkur.UUCP>
Reply-To: rjg@sialis.mn.org (Robert J. Granvin)
Organization: Dr. Ho Laboratory and Day Care Center
Lines: 16

>There are a couple of accounting files
>(utmp, wtmp, a few things in /usr/adm) that need to be writable.  Getting
>right down to the bottom, everything else I made protected except
>	/etc/drvtab
>	/etc/timedsply

You may also want to consider making root (yes, /) to be NOT world
writeable.

As supplied, / comes world writeable (777), and it's very happy to be
a little more secure (755).

-- 
________Robert J. Granvin________   INTERNET: rjg@sialis.mn.org
____National Computer Systems____   CONFUSED: rjg%sialis.mn.org@shamash.cdc.com
__National Information Services__       UUCP: ...uunet!rosevax!sialis!rjg