Re: Lesson learned / file permissions
On Wednesday 20 October 2004 13.03, Alexis Huxley wrote:
> On 2004-10-20, Olle Eriksson <pt00oer@student.bth.se> wrote:
> > I think it was the fact that /home lost all world-permissions that
> > caused all the problems. Would you agree?
>
> The problem is the '.*' above expanding to '..' and therefore affecting
> the parent directory.
Ahh.. I didn't think of that. I actually only did that because
chmod /home/username/* didn't seem to affect a lot of the files in the
hidden directories. I should have been more careful. :) Thanks for
explaining.
> > Secondly, by calling chmod with sudo, all the files owned by root
> > that I as a user needed to see were now invisible. But they don't
> > seem to be so many so I am wondering if that had any influence.
>
> You should not have any files owned by root under a normal user's home
> directory (or under /home as the '.*' error above would mean).
I had a more careful look this time and found that all the 777 files were
acutally symlinks, so I guess I shouldn't worry. And the few files owned
by root were not any important files, just temporary emacs files from
using sudo etc.
> > Should I simply leave the .* files in my home directory alone? :) I
> > acually found some that had 777 permissions which I didn't like. All
> > my documents are 750 or less and the umask is set to 027. Is that ok
> > for security?
>
> You might be interested in 'fadfixperms' which reads instructions for
> how to set permissions on a hierachy of files and enforces them. I do
> this on a daily basis to make sure that what I intend to keep private
> is kept private despite a umask of 022 which I need in a cooperative
> work environment. Google for it.
I'll have a look at that.
Regards
Olle
Reply to: