[cod] Suggestions on file ownership and file permissions for CoD files.

Kendokan kendokan at amateur-hour.net
Mon Nov 24 16:04:59 EST 2003


You can run your server under an individual user/group account (i.e. user
cod, group cod), and no root privs are necessary. File ownership probably
isn't that big of a deal, but you can make them 500 (for executables), 400
(for other files), and 700 (for directories) and everything should run
fine.

If you are concerned about security exploits and have other, more valuable
information on the server, consider running cod under a chroot'ed process.
I'm not doing this myself, as I don't care about any of the information on
the server, but it shouldn't be all that hard to accomplish. Under chroot,
if someone is able to exploit a vulnerability in the server code, they
will only be able to see and manipulate files in the chroot system, which
should ideally include just enough to make the server run and nothing
else.

     -doug/kendokan


> I was interested in hearing what would be a good way of limiting CoD's
> access to root on my linux server.  I currently have cod installed and owned
> by a user on the server.  That same user is part of group wheel and root.
>
> Can I run CoD as another user that is not part of group wheel or root?
>
> Are there any other suggestions others may have that I can do to CoD so that
> if there are vulnerabilities found that the scope is limited to CoD and
> doesn't affect the OS or other users?
>
> File permissions are mixed but they are either 755 or 555. Can they be
> 700 or 500 instead?
>
> Booker
>
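
The permission scheme from the reply above (700 for directories, 500 for executables, 400 for other files) together with the wheel/root group check from the question, as an added shell example that is not part of the original messages. The function names and the directory and executable names passed to them are assumptions.

```shell
#!/bin/sh
# Added example. DIR and the executable names are supplied by the caller;
# nothing here is taken from the CoD distribution itself.

# harden_tree DIR EXE...
# Directories -> 700, every regular file -> 400, then only the files named
# as EXE (paths relative to DIR) -> 500. Executables are listed explicitly
# because a tree that is 755/555 throughout has the x bit on data files too.
harden_tree() {
    dir=$1; shift
    find "$dir" -type d -exec chmod 700 {} + || return 1
    find "$dir" -type f -exec chmod 400 {} + || return 1
    for exe in "$@"; do
        chmod 500 "$dir/$exe" || return 1
    done
}

# audit_tree DIR
# Print every entry that still grants any group or other permission bit.
audit_tree() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# risky_groups GROUP...
# Echo the groups from the list that the server account should not be in.
# Typical call: risky_groups $(id -Gn cod)
risky_groups() {
    out=
    for g in "$@"; do
        case $g in
            wheel|root) out="${out:+$out }$g" ;;
        esac
    done
    echo "$out"
}
```

Run `harden_tree` as the account that owns the files, then confirm `audit_tree` prints nothing and `risky_groups` echoes an empty line for the server account.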
