home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
chilidog.highland.cc.ks.us
/
chilidog.highland.cc.ks.us.zip
/
chilidog.highland.cc.ks.us
/
backup
/
bradford.20110502.etc.tar.gz
/
bradford.20110502.etc.tar
/
etc
/
permissions
< prev
next >
Wrap
Text File
|
2006-04-22
|
9KB
|
188 lines
# /etc/permissions
#
# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. All rights reserved.
#
# Author: Roman Drahtmueller <draht@suse.de>, 2001
#
# This file is used by SuSEconfig and chkstat to check or set the modes
# and ownerships of files and directories in the installation.
#
# There is a set of files with similar meaning in a SuSE installation:
# /etc/permissions (This file)
# /etc/permissions.easy
# /etc/permissions.secure
# /etc/permissions.paranoid
# /etc/permissions.local
# Please see the respective files for their meaning.
#
#
# Format:
# <file> <owner>:<group> <permission>
#
# How it works:
# Change the entries as you like, then call
# `chkstat -set /etc/permissions┤ or /etc/permissions.{easy,secure,paranoid}
# respectively, or call `SuSEconfig┤ as yast do after they think
# that files have been modified in the system.
#
# SuSEconfig will use the files /etc/permissions and the ones ending
# in what the variable PERMISSION_SECURITY from
# /etc/sysconfig/security contains. By default, these are the files
# /etc/permissions, /etc/permissions.easy and /etc/permissions.local
# for local changes by the admin. In addition, the directory
# /etc/permissions.d/ can contain permission files that belong to
# the packages they modify file modes for. These permission files
# are to switch between conflicting file modes of the same file
# paths in different packages (popular example: sendmail and
# postfix, path /usr/sbin/sendmail).
#
# SuSEconfig's usage of the chkstat program can be turned off completely
# by setting CHECK_PERMISSIONS to "warn" in /etc/sysconfig/security.
#
# /etc/permissions is kept to the bare minimum. File modes that differ
# from the settings in this file should be considered broken.
#
# Please see the headers of the files
# /etc/permissions.easy
# /etc/permissions.secure
# /etc/permissions.paranoid
# as well as
# /etc/permissions.local
# for more information about their particular meaning and their setup.
#
# root directories:
#
/ root:root 755
/root root:root 700
/tmp root:root 1777
/tmp/.X11-unix/ root:root 1777
/tmp/.ICE-unix/ root:root 1777
/dev root:root 755
/bin root:root 755
/sbin root:root 755
/lib root:root 755
/etc root:root 755
/home root:root 755
/boot root:root 755
/opt root:root 755
/usr root:root 755
#
# /var:
#
/var/tmp root:root 1777
/var/tmp/vi.recover/ root:root 1777
/var/log root:root 755
/var/spool root:root 755
/var/spool/atjobs at:at 700
/var/spool/atjobs/.SEQ at:at 600
/var/spool/atjobs/.lockfile at:at 600
/var/spool/atspool at:at 700
/var/spool/cron root:root 700
/var/spool/mqueue root:root 700
/var/spool/news news:news 775
/var/spool/uucp uucp:uucp 755
/var/spool/voice root:root 755
/var/spool/mail root:root 1777
/var/adm root:root 755
/var/adm/backup root:root 700
/var/cache root:root 755
/var/cache/fonts root:root 1777
/var/cache/man man:root 755
/var/yp root:root 755
/var/run/nscd/socket root:root 666
/var/run/sudo root:root 700
#
# log files that do not grow remarkably
#
/var/log/faillog root:root 600
# This file is not writeable by gid tty so that the information
# therein can be trusted.
/var/log/lastlog root:tty 644
#
# some device files
#
/dev/zero root:root 666
/dev/null root:root 666
/dev/full root:root 622
/dev/ip root:root 660
/dev/initrd root:disk 660
/dev/kmem root:kmem 640
#
# /etc
#
/etc/lilo.conf root:root 600
/etc/passwd root:root 644
/etc/shadow root:shadow 640
/etc/init.d root:root 755
/etc/HOSTNAME root:root 644
/etc/hosts root:root 644
# Changing the hosts_access(5) files causes trouble with services
# that do not run as root!
/etc/hosts.allow root:root 644
/etc/hosts.deny root:root 644
/etc/hosts.equiv root:root 644
/etc/hosts.lpd root:root 644
/etc/ld.so.conf root:root 644
/etc/ld.so.cache root:root 644
/etc/opiekeys root:root 600
/etc/smpppd.conf root:root 600
/etc/smpppd-c.conf root:dialout 640
/var/run/smpppd root:dialout 750
/etc/ppp root:dialout 750
/etc/ppp/chap-secrets root:root 600
/etc/ppp/pap-secrets root:root 600
# sysconfig files:
/etc/sysconfig/network/providers root:root 700
# utempter
/usr/sbin/utempter root:tty 2755
# changing the global ssh client configuration makes it unreadable
# and therefore useless. Keep in mind that users can bring their own client!
/etc/ssh/ssh_host_key root:root 600
/etc/ssh/ssh_host_key.pub root:root 644
/etc/ssh/ssh_config root:root 644
/etc/ssh/sshd_config root:root 640
#
# legacy
#
# don't set the setuid bit on suidperl! Set it on sperl instead if
# you really need it as suidperl is a hardlink to perl nowadays.
/usr/bin/suidperl root:root 755
# this made my X die. As punishment it gets the setuid bit removed.
# Use it directly as root if you need it.
/usr/X11R6/bin/dga root:root 755
# cdrecord does not need to be setuid root as it uses resmgr for
# accessing the devices. Access to that one can be configured in
# /etc/resmgr.conf
/usr/bin/cdrecord root:root 755
# new traceroute program by Olaf Kirch does not need setuid root any more.
/usr/sbin/traceroute root:root 755
# netatalk printer daemon: sgid not needed any more with cups.
/usr/sbin/papd root:lp 0755
# safe as long as we don't change files below it (#103186)
/var/games/ games:games 0775
# No longer common. Set setuid bit yourself if you need it
# (#66191)
#/usr/bin/ziptool root:trusted 4750