> Apache2: Apache2 starts up as root, and then changes to the > user and group specified in the config files (default is > www-data:www-data). So, if you change the group owner of > apache2 to www-data (and all the files therein), and remove > world access (chmod o-rwx), apache should still work. No > guarantees, though.
I didn't change group, but only remove world access and apache is working :) > Bind: I believe the same holds true for bind, but it's been > a long time since I've used it (I use PowerDNS now). Working > Hosts.allow, hosts.deny: Not sure about those. I heven't tested, yet > Passwd: This needs to be readable by everyone. Despite the name, > there isn't any actual password information in there (it's in > /etc/shadow). But any process that needs to look up user information > will need access. Even doing a simple "ls" command needs access. :( Passwd should have read permission, when I remove this I can log to system but bash tell something like this: I have no [EMAIL PROTECTED]:/$ > Ssh: ssh runs as root, removing world access is probably fine. Working > Network: It's probably okay to remove world access. Working too -- Best regards -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
