Securing tinc config files
Yazeed Fataar
yazeedfataar at gmail.com
Sun Jan 24 10:48:13 CET 2016
Thanks Guus.. So if someone had to gain access to my vm-disk. They would
not be able to view the contents of the files in ""etc/tinc" if I do "sudo
chmod go= /etc/tinc" .. My paranoia is around a VPS provider who had admin
access to all containers. I know that I have to create a root password that
will allow only myself root access , but im just worried about the disk
contents if it were mounted on another system.
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
This
email has been sent from a virus-free computer protected by Avast.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
Regards
Yazeed Fataar
<yazeedfataar at hotmail.com>
On Sun, Jan 24, 2016 at 12:32 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Sun, Jan 24, 2016 at 12:10:42PM +0300, Yazeed Fataar wrote:
>
> > Can you recommend a good strategy in securely managing the config and
> hosts
> > files please?
>
> The private keys (those files ending in .priv) should only be readable
> by root. When tinc generates the public/private keypairs, it already
> ensures the private key file is only reabable by root. The rest of the
> files in /etc/tinc can be public, there is no harm in having others read
> them. But if you don't want others to access them, you should do:
>
> sudo chmod go= /etc/tinc
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160124/34f6e2ed/attachment.html>
More information about the tinc
mailing list