Re: Lesson learned / file permissions

From: Frank Gevaerts (frank_at_gevaerts.be)
Date: 10/20/04

  • Next message: Siju George: "Re: Running PHP4 and PHP5 Simultaneousl on Apache in Debian!" 
    Date: Wed, 20 Oct 2004 13:06:06 +0200
To: Debian Users List <debian-user@lists.debian.org>

    On Wed, Oct 20, 2004 at 12:45:59PM +0200, Olle Eriksson wrote:
    > Hi
    >
    > In one of my moments last night I thought, why should any of the files in
    > my home directory need to be world-accessible? I didn't think long about
    > it before I decided to remove all read, write and execute rights for
    > world. Before I did that, however (and thank god for that), I saved all
    > the existing permissions to a file:
    >
    > $ find /home/username/ -xdev -printf "%m %p\n" > permissions.txt
    >
    > Then:
    >
    > $ sudo chmod o-rwx /home/username/*
    > $ sudo chmod o-rwx /home/username/.*

    I assume there was also a -R there ?

    > Secondly, by calling chmod with sudo, all the files owned by root that I
    > as a user needed to see were now invisible. But they don't seem to be so
    > many so I am wondering if that had any influence.
    >
    > Should I simply leave the .* files in my home directory alone? :)

    Try
    find /home/username/ -xdev -exec chmod o-rwx {} \;
    or
    find /home/username/ -xdev|xargs chmod o-rwx
    Be careful with the last one if you have filenamess with spaces in them.
    Otherwise, it should be slightly faster than the first one

    > I acually found some that had 777 permissions which I didn't like. All my
    > documents are 750 or less and the umask is set to 027. Is that ok for
    > security?

    Depends on lots of other things, like who is also a member of the group,
    and if they should be allowed to read the files.

    Frank

    > Best regards
    > Olle Eriksson 

    -- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Siju George: "Re: Running PHP4 and PHP5 Simultaneousl on Apache in Debian!"

    Relevant Pages

    • Re: [VIM] How to tell what the working directory is
      ... Be careful with that: ... On Unix systems: Change the current directory ... to the home directory. ... Use |:pwd| to print the ...
      (comp.editors)
    • Re: iPhoto 8 vs Lightroom
      ... your home directory) and choose "Show Package Contents". ... but be careful not to modify anything you find there ...
      (comp.sys.mac.apps)
    • Re: Removing user home directories
      ... Be careful what access you allow. ... script that would delete a user and its home directory. ... > I have added users to the security group that I want to be able to ...
      (comp.unix.aix)
    • Re: BET special fails to air Sunday night
      ... Moments and Movements," was supposed ... Where's Seamus when we need him? ... "If Barack Obama isn't careful, he will become the Jimmy Carter of the 21st ...
      (rec.arts.tv)
    • Re: olando magic suffer the ultimate dis..
      ... of game 2 against the Jazz. ... This had to be the one of the ultimate NBA "be careful what you wish for" ... aren't setting themselves up for another of those moments. ...
      (alt.sports.basketball.nba.la-lakers)