
Re: Permissions on /root/



At 13:02 Uhr +0200 08.03.2003, Birzan George Cristian wrote:
the moment, are 755. IMHO, this is a possible security problem

- Why is this a "possible security problem"? It looks like you are not aware that you should always and anyways (regardless of whether you're root at the moment or not) take care to make sensitive files not world readable. If you don't have this habit then maybe you'll end up making sensitive files world readable in your non-root account.

- Sensitive items (like user related config files and dirs, for example /root/.ssh/) are 0700 regardless of user, anyways, so there's no need to add another protection.

- You should also be aware that a 0700 directory does not protect you if you are moving another directory from outside to inside, since users who have already chdir'd into it remain inside it. (Example:
  root:                    anybody:
    chmod 0700 /root
    # root feels safe
    mkdir /blah
                             chdir /blah
    mv /blah /root
    # root thinks "ok now blah is safe"
    cd /root/blah
    cat > info
    (enter sensitive info, Ctl-D)
                             cat info
                             (looks at info)

- The problem with a 0700 /root is that it does not leave it a *choice* anymore.

- In fact I am using /root/bin/, /root/etc/, /root/sbin/, /root/libexec/ for scripts which I have written myself but should be for any user on the system. My /etc/skel/.bash_profile includes /root/bin into the user's paths.
  Why do I not use /usr/local/{bin,sbin,lib} and /etc for that?
  * I don't want my stuff to be mixed with software from other people.
  * I want to be able to easily tar my stuff up to transfer it to another machine.
  * Sometimes I override an existing binary living in /usr/local/bin. Since /root/bin is earlier in my path that's possible.

Maybe you can tell me which other directory is better suited for that than /root?

I vote for leaving the permissions on /root as they are.

Christian.
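
Added example, not part of the original post: a replay of the two-column session above inside a temporary directory, plus a check to run before such a `mv` that lists processes already sitting in the directory. The names `pids_with_cwd_under`, `replay`, `root_home` and the temp-dir layout are assumptions made for this illustration; it relies on Linux `/proc`.

```shell
# Added example: temp-dir paths stand in for /root and /blah (constructed).

# List PIDs whose current directory is $1 or below it (Linux /proc).
# Seeing other users' processes this way requires root.
pids_with_cwd_under() {
    for p in /proc/[0-9]*; do
        cwd=$(readlink "$p/cwd" 2>/dev/null) || continue
        case "$cwd" in
            "$1"|"$1"/*) echo "${p#/proc/}" ;;
        esac
    done
}

# Replay the session from the post; prints three lines:
#   flagged=<yes|no>            did the pre-move check see a process in blah?
#   by_path=<denied|readable>   access through the protected parent
#   leaked=<text>               what the process already inside blah reads
replay() {
    base=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -m 700 "$base/root_home"                      # chmod 0700 /root
    mkdir "$base/blah"                                  # mkdir /blah
    (
        cd "$base/blah" || exit 1                       # "anybody": chdir /blah
        if [ -n "$(pids_with_cwd_under "$base/blah")" ]; then
            echo "flagged=yes"
        else
            echo "flagged=no"
        fi
        mv "$base/blah" "$base/root_home/"              # mv /blah /root
        echo "sensitive" > "$base/root_home/blah/info"  # cat > info
        # Same uid in this replay, so drop all access to the parent to
        # stand in for "anybody cannot traverse /root" (root bypasses this).
        chmod 000 "$base/root_home"
        if cat "$base/root_home/blah/info" >/dev/null 2>&1; then
            echo "by_path=readable"
        else
            echo "by_path=denied"
        fi
        echo "leaked=$(cat info)"                       # relative to held cwd
    )
    chmod 700 "$base/root_home"
    rm -rf "$base"
}
```

If the check lists any PID before the move, creating a fresh directory inside the protected parent and copying the contents into it avoids handing over a directory someone is already inside.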


