Can you remove the public-read-bit from iw-home?

Hi,

Ts65Sp1 on Sol8.

I was wondering whether it is possible to remove the read-bit from all files under iw-home for others (e.g. I want to leave the user & group permissions untouched).

I'm asking because it sounds reasonable to remove read-permission from the public from files that could contain sensitive data like db-passwords etc AND because teamsite is running as root anyway.

Anybody every tried this?
Do you need to add certain users to certain groups (like iwui to bin, deamon and other)?
Is this feasible?
If not, what if I do this for 'customized'-directories only (like /local, /conf, /etc, /httpd/iw-bin, etc)?

Cheers, Ronald

Find more posts tagged with

Comments

Adam Stoller

Hi,

Ts65Sp1 on Sol8.

I was wondering whether it is possible to remove the read-bit from all files under iw-home for others (e.g. I want to leave the user & group permissions untouched).

I'm asking because it sounds reasonable to remove read-permission from the public from files that could contain sensitive data like db-passwords etc AND because teamsite is running as root anyway.

Anybody every tried this?
Do you need to add certain users to certain groups (like iwui to bin, deamon and other)?
Is this feasible?
If not, what if I do this for 'customized'-directories only (like /local, /conf, /etc, /httpd/iw-bin, etc)?

Cheers, Ronald

I would suggest