The "It's Just a Desktop Distro" Problem
nocturn
dlist at ubuntuforums.org
Fri Jan 7 06:46:12 CST 2005
Matt Zimmerman Wrote:
>
> That's an interesting point...perhaps we should have something on the
> websites which indicates that the servers behind them run Ubuntu?
> > > >
> >
> > That's a great idea.
> >
> > > > Matt Zimmerman Wrote:
> > >
> > >
> > > > There are some things I'd like to see though:
> > > > - Stricter file permissions on a server (my SuSE server runs with
> > > much
> > > > tighter permissions).
> > >
> > > Can you be more specific?
> > > > > > >
> >
> > I'm not on my Ubuntu system right now, so I cannot do an exact
> > comparison.
> > But SuSE uses files in /etc/ to correct permissions via a cronjob
> > (profile selected on install)
> > The files are called:
> > /etc/permissions.easy
> > /etc/permissions.secure
> > /etc/permissions.paranoid
> >
> > I've always used secure (as paranoid tend to break some things)
> >
> > With this setting, normal users can not read files that they do not
> > require, and cannot enter directories that do not contain files they
> > should see.
> >
> > I cannot even read /var/log/messages as a regular user (which would
> > be irritating on a sudo system).
> >
> > Most config files are readable by root only.
> >
> > > > Matt Zimmerman Wrote:
> > >
> > >
> > > > - Inclusion of the MIT kerberos daemons in a security-tracked
> > > branch
> > > > (now in universe).
> > >
> > > MIT Kerberos upstream has a history of being responsive to security
> > > issues,
> > > so I don't see a problem here. Please specify exactly which packages
> > > you
> > > expect.
> > > > > > >
> >
> > I use the MIT kerberos KDC, kadmind and the client utilities
> > (kinit, ...).
> > These are in universe right now.
> > Does universe for warty get the updates made by the upstream group?
--
nocturn
More information about the ubuntu-devel
mailing list