Re: Lesson learned / file permissions
On Wed, Oct 20, 2004 at 12:45:59PM +0200, Olle Eriksson wrote:
> Hi
>
> In one of my moments last night I thought, why should any of the files in
> my home directory need to be world-accessible? I didn't think long about
> it before I decided to remove all read, write and execute rights for
> world. Before I did that, however (and thank god for that), I saved all
> the existing permissions to a file:
>
> $ find /home/username/ -xdev -printf "%m %p\n" > permissions.txt
>
> Then:
>
> $ sudo chmod o-rwx /home/username/*
> $ sudo chmod o-rwx /home/username/.*
I assume there was also a -R there ?
> Secondly, by calling chmod with sudo, all the files owned by root that I
> as a user needed to see were now invisible. But they don't seem to be so
> many so I am wondering if that had any influence.
>
> Should I simply leave the .* files in my home directory alone? :)
Try
find /home/username/ -xdev -exec chmod o-rwx {} \;
or
find /home/username/ -xdev|xargs chmod o-rwx
Be careful with the last one if you have filenamess with spaces in them.
Otherwise, it should be slightly faster than the first one
> I acually found some that had 777 permissions which I didn't like. All my
> documents are 750 or less and the umask is set to 027. Is that ok for
> security?
Depends on lots of other things, like who is also a member of the group,
and if they should be allowed to read the files.
Frank
> Best regards
> Olle Eriksson
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
Reply to: