5

The afterboot(8) man page of OpenBSD advises "You might wish to tighten up security more by editing /etc/fbtab as when installing X. "

I would like to know what entries in /etc/fbtab would make sense for a machine that's used as a desktop for a single user who logs on locally and starts the X server with startx?

Also, please share your /etc/fbtab suggestions in general. I am trying to get my head around how this file in /etc works in practice. I have read the manpage, but I'm unsure how to employ it for the sake of greater security.

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
Nicholas
  • 86
  • 2
  • Welcome to [security.se]. Please read our [faq]. As it stands, your question is off-topic for this site. While the question here is indeed about securing an Information System, the intent of the question is toward implementation. This site is more geared for risk analysis and threat modeling. I'm going to suggest that this be moved to another site, perhaps [sf], [su], or [Unix.SE]. If deemed appropriate, a moderator will migrate the existing question for you - please do not cross-post. – Iszi Oct 12 '12 at 13:40
  • Additionally, the last paragraph should be removed - it effectively generalizes your question in a way that makes it unanswerable. If you have other, more specific questions about `/etc/fstab`, they should be posted separately from this one and in one of the more appropriate venues. – Iszi Oct 12 '12 at 13:42

1 Answers1

0

If there is just a single user on a machine then permission controls don't really come into play and the /etc/fstab produced at install is sufficent. If the machine is compromised, its very likely that the hacker will be running as you, and then file permissions are a moot point.

Unix file permissions are designed for managing multi-user systems, and you don't have multi-user system.

rook
  • 46,916
  • 10
  • 92
  • 181