Re: why are there so many world readable files?

From: Pete Nesbitt (pete_at_linux1.ca)
Date: 02/19/04

  • Next message: Dilip M: "Strange Problem with Redhat Enterprise Edition -WS - 3.0" 
    To: redhat-list@redhat.com
Date: Wed, 18 Feb 2004 18:33:03 -0800

    On February 18, 2004 04:41 pm, Chris W. Parker wrote:
    > hi.
    >
    > i was just wondering. why are there so many world readable files
    > throughout the linux os? shouldn't a directory like /etc not be readable
    > by the world?
    >
    > the reason i ask is because i setup a cron job that backups up a
    > database each night. i noticed that the backup file that was being
    > created was 0 bytes so i did some investigation. turns out it's because
    > i changed the mysql root password, so i changed it in the file.
    >
    > but then i realized the file is world readable by default. of course i
    > changed it to 750 (maybe it should be 700?) but i don't see why so many
    > files are world readable.
    >
    > someone enlighten me please.
    >
    >
    > thanks,
    > chris.

    Hi Chris,
    There are a lot of files in /etc and other areas that should be accessable by
    regular users. The ones that matter are not readable.
    For example, a script may check for valid user by greping the /etc/passwd
    file, but the passwords are kept in /etc/shadow, which is only readable by
    root.

    In a case where you want to automate something you should try and use an
    account with no login shell, and then use key based if possible, or at least
    restrict the file to owner &/or group as required. Sounds like you have done
    that already. Basicly, storing passwords for scripts or programs to use is
    not a good idea if it can be avoided.

    Yes there are lots of files that are world readable that don't need to be. So
    you could carefully remove that access, being careful not to break anything,
    but again, the system files that need to be private are not world readable. 

    -- 
Pete Nesbitt, rhce
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
  • Next message: Dilip M: "Strange Problem with Redhat Enterprise Edition -WS - 3.0"

    Relevant Pages

    • Re: SBS2003 exchange mail relay problem.
      ... i will arrange the changing of all passwords and remove the relay if ... > Hi Chris - ... > The usual culprit is weak passwords - where the spammers crack the user ... > Virtual Server and select Properties. ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: pop3s server?
      ... On Monday 12 July 2004 18:16, Chris wrote: ... >> all instances of passwords being transmitted to my network unencrypted. ... Thanks for pointing out my ignorance. ...
      (freebsd-questions)
    • RE: Using non-printable characters in passwords
      ... Chris: Subject: RE: Using non-printable characters in passwords ... hash represents only 7 characters, meaning that if you have a 21 character ... it is really 3 consecutive 7 character passwords. ...
      (Security-Basics)
    • Re: Error saving schedule for audience compilation
      ... Chris, Derek, ... I have looked at the tasks, there is no task concerning Audiences (just ... I asked about changes in names and passwords. ... > The audience compilation is actually performed by a scheduled Task. ...
      (microsoft.public.sharepoint.portalserver)
    • FW: regex needed
      ... Still cant get to you chris ... you must refer to the latest post to see the working script. ... |> |I have now looped the route list, and it is saved in the hash. ...
      (perl.beginners)