Re: Help! File permissions keep changing...
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote:
> You can try to settle it by using umask (as other's have suggested) but
> users can defeat that. If you _really_ want to fix it, have a cronjob do
> this (quick and dirty, could be _really_ improved)
>
> ----------------------------------------------------------
> DIR_TO_FIX=/home/groupX
> GROUP=mygroup
> PERM=g+rwX
>
> find $DIR_TO_FIX -type f -o -type d | xargs chown $GROUP
> # or chown -hR $GROUP $DIR_TO_FIX
> find $DIR_TO_FIX -type f -o -type d | xargs chmod $PERM
> # or chmod -hR $PERM $DIR_TO_FIX
> ----------------------------------------------------------
Waaaaaah, SCARY!
Users can create hard links to arbitrary files in that directory, e.g.
links to other users' private files or to /etc/shadow, and automatically
get read access to those files.
umask *is* the right solution (together with a sticky-bit dir). Set up a
default umask which allows global read access and *let* users defeat it! If
they know how to change their umask to something more restrictive, they're
bound to know what they're doing!
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
Reply to: