Re: Posix group with /etc/ldap.conf read priv
On Mon, 14 Jun 2010, Ariel wrote:
> I don't like having the /etc/ldap.conf world readable [...]
And you didn't chmod /etc/passwd and /etc/group too? What if people get
valuable information out of those? You can't do this and be POSIX
multi-user; getgr*/getpw* are unprivileged operations. Your users should
be able to get some output with getent(1), and your users should be able
to get the same output with "cat /etc/ldap.conf" and a bit of thought, and
any attempts to make that harder will be a waste of time on your part.
Change back the permissions, or change your OS.
Now, with all this said, if your users can get *more* information with
"cat /etc/ldap.conf" and thought than getent(1) provides, that may well be
a configuration error on your part, which would be appropriate to discuss
on this list...
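
The distinction drawn in the last paragraph, as an added example that is not part of the original message: a check of whether an ldap.conf holds more than a reader could learn through getent(1), here a stored bind credential. It assumes the PADL nss_ldap/pam_ldap file format and its `binddn`, `rootbinddn` and `bindpw` keywords; the sample files and the function names are constructed for illustration.

```python
# Assumption: PADL nss_ldap/pam_ldap style file, one "keyword value" per line,
# '#' comments, keywords matched case-insensitively.
SECRET_KEYS = {"bindpw"}                  # stored bind password
IDENTITY_KEYS = {"binddn", "rootbinddn"}  # names an account, not secret alone

# Constructed samples, not taken from the thread.
SAMPLE_ANON = """\
# anonymous bind: no credential in the file
uri ldap://ldap.example.com/
base dc=example,dc=com
nss_base_passwd ou=People,dc=example,dc=com
"""
SAMPLE_BOUND = """\
# proxy bind with a stored password
uri ldap://ldap.example.com/
base dc=example,dc=com
binddn cn=proxy,dc=example,dc=com
bindpw CONSTRUCTED-PLACEHOLDER
"""

def audit_ldap_conf(text):
    """Return (secrets, identities) as lists of (line_number, keyword).

    Values are never returned, so the report itself cannot leak a password.
    """
    secrets, identities = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if len(parts) < 2:          # keyword with no value carries nothing
            continue
        if key in SECRET_KEYS:
            secrets.append((number, key))
        elif key in IDENTITY_KEYS:
            identities.append((number, key))
    return secrets, identities

def safe_world_readable(text):
    """True when the file holds no credential, so mode 0644 exposes no secret."""
    return not audit_ldap_conf(text)[0]

if __name__ == "__main__":
    for name, sample in (("anonymous", SAMPLE_ANON), ("bound", SAMPLE_BOUND)):
        print(name, audit_ldap_conf(sample), safe_world_readable(sample))
```
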