Jeremy Gaddis wrote:
> On Fri, 28 Feb 2003, Bob Proulx wrote:
>
> > There are no sensitive files installed in /root. There really is no
> > reason not to make it 755. Everyone knows what is in /root. It is
> > not a secret.
>
> oh? what do i have in my /root directories then?

If your implication is that Bob doesn't know what _you_ have in your /root directory, and therefore is being presumptuous, then the answer is that you _shouldn't_ have anything much there. The very few sensitive things that I keep in /root (config files/directories for things like ssh and mcrypt, which I need for my homebrew remote backup system) are set to owner-only permissions, just as they would be in an ordinary user's account.

> where is a more appropriate location for files only to be seen or
> used by the root user than his home directory?

A subdirectory under /root with permissions set to 700, perhaps? That's what I do, just as I do with sensitive files stored under my regular user account.

> yes, i'm well aware of that. and i don't use the root account
> for "nonadministrative work". i use it solely for "administrative
> work", and henceforth, have files in /root not intended for the
> general public. i store scripts under /root that are run from
> crontab, and various other files.

I have scripts like that in /root/bin, which was 700 until I decided it didn't matter whether anyone read them or not, and changed it to 755. It's not as if they contain passwords. Finding out that I use tar, mcrypt, and rsync-over-ssh for backups isn't going to do anyone much good.

> i guess i wrongly assumed that a distribution that's usually
> somewhat sane would have somewhat sane permissions on a directory
> such as /root, which i consider "sensitive", so to speak.

I find it amusing, in a pathetic sort of way, to be implicitly accused of insanity just because I have /root's permissions set to 755. Even calling it insecure would be wrong, because what needs to be locked down is locked down.

Craig
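The layout described in the message above (a world-readable home directory whose sensitive entries are owner-only) can be checked mechanically. This is an added example, not part of the thread: `audit_home` and `demo_tree` are hypothetical names, and the entries `.ssh`, `private` and `bin/backup.sh` are a constructed sample layout.

```shell
#!/bin/sh
# audit_home DIR NAME...
#   DIR   home directory that is deliberately world-readable (e.g. mode 755)
#   NAME  entries directly under DIR that must be owner-only
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_home() {
    dir=$1; shift
    findings=$(
        # 1. Each named entry must carry no group/other permission bits.
        #    -prune tests only the entry itself: a 700 directory already
        #    blocks traversal to whatever is below it. Symlinks are skipped
        #    because their own mode bits are not what access is checked on.
        for name in "$@"; do
            [ -e "$dir/$name" ] || continue
            find "$dir/$name" -prune ! -type l \
                \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \) \
                -exec printf 'EXPOSED %s\n' {} \;
        done
        # 2. Readable is acceptable in the rest of the tree, writable is not:
        #    a group- or world-writable script run from root's crontab would
        #    let another account change what root executes.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample layout mirroring the post: 755 home, 700 sensitive
# directories, 755 bin with a readable script. Prints the temp path.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/.ssh" "$t/bin" "$t/private"
    : > "$t/bin/backup.sh"
    chmod 755 "$t" "$t/bin" "$t/bin/backup.sh"
    chmod 700 "$t/.ssh" "$t/private"
    printf '%s\n' "$t"
}

# Stand-alone use: sh audit.sh /root .ssh private
if [ $# -gt 0 ]; then
    audit_home "$@"
fi
```
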