
Christopher Browne via talk wrote:
On 27 June 2017 at 19:53, Kevin Cozens via talk <talk@gtalug.org> wrote:
You may also want to "chmod 711 /etc", FWIW.
That means that non-root-space applications will have no access to their configuration in /etc, thereby breaking services.
Umm, no. The x-bit is what you need to access files inside a directory, so a non-root user can still access /etc/resolv.conf and so on. Not having the r-bit means you can't "read" the directory itself and get a list of files in it. So no filename autocompletion for you while you're trying to cat that file! However, all the filenames that matter in /etc are fairly canonical and not being able to "ls /etc" isn't really going to slow folk down much, just unnecessarily annoy them.

Many years ago a coworker tried "chmod 700" on /etc etc, and chmod 600 on many key files, the upshot of which was that everything on the "secured" firewall had to run as root and it ended up less secure.

-- Anthony de Boer
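
The directory r-bit versus x-bit behaviour described in the reply above, as an added example that is not part of the original thread. It builds a constructed stand-in for /etc in a temporary directory and evaluates, from the mode bits alone, what a user in the "other" class could do; the function names are hypothetical, and ACLs, root privileges and the permissions of parent directories are deliberately ignored.

```python
import os
import stat
import tempfile


def other_access(path):
    """What the 'other' permission class may do with path, judged from mode bits only."""
    mode = os.stat(path).st_mode
    if stat.S_ISDIR(mode):
        return {
            "list": bool(mode & stat.S_IROTH),      # r: read the names stored in the directory
            "traverse": bool(mode & stat.S_IXOTH),  # x: look up an already-known name inside it
        }
    return {"read": bool(mode & stat.S_IROTH)}


def demo(dir_mode, file_mode):
    """Create etc/resolv.conf (constructed sample) with the given modes and report access."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.mkdir(etc)
        conf = os.path.join(etc, "resolv.conf")
        with open(conf, "w") as fh:
            fh.write("nameserver 192.0.2.53\n")  # documentation-range address, constructed
        os.chmod(conf, file_mode)
        os.chmod(etc, dir_mode)
        try:
            d = other_access(etc)
            f = other_access(conf)
            return {
                "can_list": d["list"],
                # Opening a file by its known name needs x on the directory and r on the file.
                "can_open_known_file": d["traverse"] and f["read"],
            }
        finally:
            os.chmod(etc, 0o755)  # restore so the temporary tree can always be removed


if __name__ == "__main__":
    for dir_mode, file_mode in [(0o755, 0o644), (0o711, 0o644), (0o700, 0o644), (0o711, 0o600)]:
        print(f"dir {dir_mode:o} file {file_mode:o} -> {demo(dir_mode, file_mode)}")
```

The 711 case keeps known files reachable while hiding the listing; the 700 and 600 cases are the ones that force services to run as root.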