Protecting against downloads

Steve Ralston sralston at srwic.UUCP
Fri Sep 14 22:00:29 AEST 1990


In article <3952 at quiche.cs.mcgill.ca>
   mikey at quiche.cs.mcgill.ca (Michael GALLOP) writes:

>Exactly, what you can do is:
>chmod 711 /usr/bin/* 
>Which produces (I think :-)) rwx--x--x on every file in /usr/bin

I would NOT recommend that anyone execute the above command on their **IX
system.  Reason:  You will break most every program that relies on SETUID
and/or SETGID permissions.  Unless you KNOW (or have recorded) the default
permissions [anywhere on your system], running that kind of chmod command
could cost you much effort to undo.

Much better would be:

chmod o-r /usr/bin/*		# revoke read permission from "others"
				# (other than user (owner) or group)

but then, hardly any of the programs in /usr/bin should have "other read"
perms set by DEFAULT anyway; unless you're running a fairly non-secure
system.
-- 
Steve Ralston						sralston at srwic.UUCP
235 N Zelta						voice: 316-686-2019
Wichita, KS 67206			..!uunet!ncrlnk!ncrwic!srwic!sralston



More information about the Comp.unix.sysv386 mailing list