<div dir="ltr">Thanks Guus. So if someone had to gain access to my vm-disk, they would not be able to view the contents of the files in "/etc/tinc" if I do "<span style="font-size:12.8px">sudo chmod go= /etc/tinc". My paranoia is around a VPS provider who had admin access to all containers. I know that I have to create a root password that will allow only myself root access, but I'm just worried about the disk contents if it were mounted on another system. </span></div>
<div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr">Regards<br>Yazeed Fataar<br></div><a href="mailto:yazeedfataar@hotmail.com" target="_blank"></a></div></div></div></div></div>
<br><div class="gmail_quote">On Sun, Jan 24, 2016 at 12:32 PM, Guus Sliepen <span dir="ltr">&lt;<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Sun, Jan 24, 2016 at 12:10:42PM +0300, Yazeed Fataar wrote:<br>
<br>
> Can you recommend a good strategy in securely managing the config and hosts<br>
> files please?<br>
<br>
</span>The private keys (those files ending in .priv) should only be readable<br>
by root. When tinc generates the public/private keypairs, it already<br>
ensures the private key file is only readable by root. The rest of the<br>
files in /etc/tinc can be public, there is no harm in having others read<br>
them. But if you don't want others to access them, you should do:<br>
<br>
sudo chmod go= /etc/tinc<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen &lt;<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>&gt;<br>
</div></div></blockquote></div><br></div>
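Added example, not part of the original thread and not tinc's own code: a small POSIX shell audit for the permissions discussed above. It lists any file ending in .priv that group or other can access, and notes whether the directory itself has been closed with chmod go=. The function names are made up for this example, and the directory to audit is passed in by the caller.

```shell
#!/bin/sh
# Added example: audit a tinc configuration tree for the permissions
# described in the thread. All function names here are hypothetical.

# Print the group/other part of a path's mode string, e.g. "r--r--" or "------".
# A capital S or T marks a setgid/sticky bit without execute; it grants no
# access, so it is folded to "-" before comparing.
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10 | tr 'ST' '--'
}

# List every *.priv file under DIR that grants any access to group or other.
# (File names containing newlines are not handled.)
loose_priv_keys() {
    find "$1" -type f -name '*.priv' | while IFS= read -r key; do
        [ "$(group_other_bits "$key")" = "------" ] || printf '%s\n' "$key"
    done
}

# Succeed only if DIR itself is closed to group and other,
# which is the effect of `chmod go= DIR`.
dir_is_private() {
    [ "$(group_other_bits "$1")" = "------" ]
}

# Full audit: returns 1 if any private key is exposed, 0 otherwise.
# An open directory is only reported as a note, since the thread says
# the remaining files can be public.
audit_tinc_dir() {
    dir=$1
    status=0
    loose=$(loose_priv_keys "$dir")
    if [ -n "$loose" ]; then
        printf 'private key accessible to group/other:\n%s\n' "$loose"
        status=1
    fi
    if ! dir_is_private "$dir"; then
        printf 'note: %s is open to group/other (optional: chmod go= %s)\n' "$dir" "$dir"
    fi
    return "$status"
}

# Typical call, as root: audit_tinc_dir /etc/tinc
```

Mode bits are enforced by the running system against non-root users; they do not hide file contents from anyone who can read the disk image itself.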