Would I be safe to set the permissions for every file in /etc to 644? It would allow root to still edit them and all other users to read them. Then just remove read permissions where required. Right now I have almost all files in /etc set to 777 because I was trying to fix permissions and everything broke. Also, my /var directory is all set to 777 because whenever I try to change it to something more secure, my email or something else normally breaks. What are safe permissions for /var and it's sub directories? And is it safe to set everything in /etc/sysconfig to 600? From what I can tell, only root needs read And what about /etc/init.d? It seems like it should only need root read/write permissions
You really shouldn't ever need to toy with permissions in the /etc directory...obviously you see what happens if you do and something goes wrong or you don't know what effect it will have. As far as the /var/ directory...set it to 755. Most all directories under the / should be set to 755. The only directories that have different permissions are: /tmp (777) /proc (555) Just out of curiosity, why were you messing with permissions of /etc?
I was trying to make it more secure so other shell users couldn't access certain files and everything just got screwed up. I'm going through and setting most of the files to 644 and directories to 755, except for the scripts of course. I'm testing every step of the way and it's working much better. And every single file in the /var directory is 777 so I need to go through that next and figure out proper permissions. It's all very time consuming, but that's what happens. It's a good learning experience at least.
"And what about /etc/init.d? It seems like it should only need root read/write permissions " About everything in that directory needs execute permissions. If you want to prevent shell users from access to commands check out jailkit.
