[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: potato /root permissions?

On Tue, 29 Feb 2000 sharkey@ale.physics.sunysb.edu wrote:

> > That could be. But didn't they have a proper umask in /root/.bashrc?
> Depends on what you mean by proper.
> > I just went into /root on the system and did 'touch test'. It created it
> > with mode 644.
> So?  That sounds fine to me.  Are you planning on having a file

Yes, with a symlink in / to make it easier to find. Or why not use it as
the motd file?

> > Just for grins I created public_html to see if apache would accept /~root
> > and it did. So this potato system makes it easy for the superuser to have
> > a personal home page :)
> Ok, it's of dubious merit, yet, I fail to see it as a serious security hole.
> You should not be storing confidential files in /root/public_html.

Note the 'grins' and ':)' in my comment. Obviously, it's of dubious merit.

> In general, files should be world readable, unless there is some explicit
> reason for them not to be.

fsstnd says /root should be used solely for system administration.

> Are you also worried that /var/log is not 700, too?

Extremely, because I am the total idiot that you are treating me like.

I merely posted this because I noticed it and wasn't sure if there were
intentional changes involved along the way from slink to potato. This is
the testing list. I did get one off-list reply saying that his potato and
woody systems had /root as 700.

The issue here is whether this is the expected behavior and if so whether
it should also apply to upgrades from previous releases. Is it a bug or

In the case of an initial install it is acceptable that I have to set
permissions on /root to meet my needs. Same is true for users directories.
Once I change permissions and put content there I would not want them
changed automatically by package install/upgrade. Sometimes users 'turn
off' features like ~/public_html or ~/.procmailrc this way.

+ Paul Wade                         Greenbush Technologies Corporation +
+ mailto:paulwade@greenbush.com              http://www.greenbush.com/ +

To UNSUBSCRIBE, email to debian-testing-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: