[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What has fowled sshfs in buster



On Monday 28 October 2019 13:04:07 Greg Wooledge wrote:

> On Mon, Oct 28, 2019 at 07:49:13PM +0300, Reco wrote:
> > I agree that "chmod +w" would suffice here, *and* it should be the
> > first thing that anyone should try (a hint - error message says it).
> > "sudo chmod" is so Ubuntu, and all that.
> >
> > But after the chown, /sshnet/rpi4 is a user directory anyway, and a
> > user is free to have any permissions on own directories, including
> > insecure ones.
>
> To be fair, I reversed the two commands from Gene's email.  He did the
> chmod 1777 first, and the chown second.  So, yes, he would have needed
> the sudo on both of them.
>
> The point remains that putting 1777 perms on things at random is a
> horribly bad idea.  A typical directory should have 755 perms at
> most.  Gene didn't show us what the perms were originally. 

not even root could access the directory to find out, even root had no 
permissions.

> All he 
> showed was a plain "ls" listing of the parent directory, showing the
> name of the mount point, but none of its metadata.
>
> A reasonable starting point, given the error message that Gene
> received, would have been:
>
> ls -ld /the/directory
>
> Look at the owner.  Is it correct?  If not, fix it.
>
> Look at the permissions.  Are they correct (drwxr-xr-x)?  If not, fix
> them.

Since these links are there so I can copy files from any of these 
machines to this one, or move a network acquired file to one of those 
machines, is your version of permissions adequate for that?

I don't really think security concerns are relevant here as this whole 
network is behind dd-wrt, and no one whom I didn't give login creds to 
has succeeded in penetrating this network in the 15+ years I've been 
using dd-wrt in my routers.  And I AM the only user sucking air. The 
wife is 75% dead from COPD, I have been her caregiver for EVERYTHING for 
the last 3 years, and she has never had any interest in using my 
computers even if she's had an account off and on for the last 30 years.

> Don't just randomly throw 1777 or 777 or 666 permissions on
> everything.

See the question above. I will restrict it, until it gets in my way the 
first time.

Thanks Greg.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Reply to: