I want to make my ubuntu 12.04 server a little more secure. Actually I would like to have paranoid security as of file permissions and a usable system as well. (this is my main goal)
For starters I would like to change the default permissions under the / folder. These permissions are by default set to 755 for most folders (rwxr-xr-x). I would like to change them to 751. Do you think this might cause a problem? If so why would it? Does the OS need read permissions for others?
I can understand that a user (like www-data) should be able to cd in a directory but why does he need to be able to read its contents if it is provided with the full path? I searched for a resource of strict file permissions but all I can find is acls. I would like to try the other approach first.
No comments:
Post a Comment