Using access controls to protect your system


Apply good access controls to all files on your system.

Poor access control can have surprising consequences.

The "umask" can prevent bad default permissions; umask 022 will prevent creation of world-writable files, and umask 077 will create files accessible only to the owner.

Discourage users from creating their own world-writable files and directories, to prevent possible exploitation of their accounts.

Use packet filtering or TCP wrappers to limit access to network services to only those hosts that need to access them. Services like RPC, file sharing, or printing usually don't need to be accessible to the entire world.

Next ->


Steve VanDevender
Last modified: Wed Jul 7 14:50:09 PDT 2004