
Re: potato /root permissions?



On Tue, 29 Feb 2000 sharkey@ale.physics.sunysb.edu wrote:

> > That could be. But didn't they have a proper umask in /root/.bashrc?
> 
> Depends on what you mean by proper.
> 
> > I just went into /root on the system and did 'touch test'. It created it
> > with mode 644.
> 
> So?  That sounds fine to me.  Are you planning on having a file
> /root/HERE_IS_THE_ROOT_PASSWORD_FOR_THIS_MACHINE or something?

Yes, with a symlink in / to make it easier to find. Or why not use it as
the motd file?

> > Just for grins I created public_html to see if apache would accept /~root
> > and it did. So this potato system makes it easy for the superuser to have
> > a personal home page :)
> 
> Ok, it's of dubious merit, yet, I fail to see it as a serious security hole.
> You should not be storing confidential files in /root/public_html.

Note the 'grins' and ':)' in my comment. Obviously, it's of dubious merit.

> In general, files should be world readable, unless there is some explicit
> reason for them not to be.

fsstnd says /root should be used solely for system administration.

> Are you also worried that /var/log is not 700, too?

Extremely, because I am the total idiot that you are treating me like.

I merely posted this because I noticed it and wasn't sure if there were
intentional changes involved along the way from slink to potato. This is
the testing list. I did get one off-list reply saying that his potato and
woody systems had /root as 700.

The issue here is whether this is the expected behavior and if so whether
it should also apply to upgrades from previous releases. Is it a bug or
not?

In the case of an initial install it is acceptable that I have to set
permissions on /root to meet my needs. Same is true for users' directories.
Once I change permissions and put content there I would not want them
changed automatically by package install/upgrade. Sometimes users 'turn
off' features like ~/public_html or ~/.procmailrc this way.

+----------------------------------------------------------------------+
+ Paul Wade                         Greenbush Technologies Corporation +
+ mailto:paulwade@greenbush.com              http://www.greenbush.com/ +
+----------------------------------------------------------------------+
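
An added example, not part of the original message: a shell check for the two things discussed above, namely whether a home directory's mode bits leave ~/public_html reachable by other users, and what mode `touch` yields under a given umask. The function names are hypothetical, and it assumes the web server runs as an unrelated user with no ACLs in play.

```shell
#!/bin/sh
# Added example: inspects mode bits only. Assumes the web server runs as an
# unrelated user (so the "other" bits decide) and that no ACLs are in use.

# Print the octal mode of a path (GNU stat, with a BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the "other" permission digit (last octal digit of the mode).
other_bits() {
    m=$(mode_of "$1") || return 1
    last=${m#"${m%?}"}
    printf '%s\n' "$last"
}

# Classify whether <home>/public_html is reachable by "other".
# Run it as the owner or root, otherwise a 700 home hides public_html.
userdir_status() {
    home=$1
    [ -d "$home/public_html" ] || { echo "no-public_html"; return 0; }
    h=$(other_bits "$home") || return 1
    p=$(other_bits "$home/public_html") || return 1
    # Traversing the home directory needs o+x on it (mode 700 removes it).
    if [ $(( h & 1 )) -eq 0 ]; then echo "blocked-by-home"; return 0; fi
    # Entering public_html itself needs o+x as well.
    if [ $(( p & 1 )) -eq 0 ]; then echo "blocked-by-public_html"; return 0; fi
    echo "served"
}

# Print the mode a file created by 'touch' gets under the given umask.
touch_mode_under() {
    d=$(mktemp -d) || return 1
    ( umask "$1" && touch "$d/test" ) && mode_of "$d/test"
    rm -rf "$d"
}
```

With umask 022 the last function prints 644, matching the `touch test` result quoted above; `userdir_status /root` reports `blocked-by-home` once /root is set to 700.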

