Re: Easy File Permissions

From: Michael Gerbasio (mwgerbasio_at_hotmail.com)
Date: 11/29/03


Date: Sat, 29 Nov 2003 16:08:15 GMT

Thanks for all the help.

Here's what I did: installed and created the user root. Installation asked
me to create another user which I did, "myuser" and installation created the
"user" group. Seems pretty standard, root in the root group and myuser in
the user group.

I'm logged in as myuser and I can open and modify the files in
/etc/samba/smb.conf. The setting on the file is rw-r--r-- and the setting
on the directory is rwxr-xr-x owned by root and part of the root group, so
I'm confused as to why I can edit the file logged in as myuser. If I take a
file owned by myuser and copy it to the samba directory, the owner and group
change to root. I was reading about SETUID/GID so that might apply here but
I haven't even gone that far yet since I wasn't expecting to be able to
write in that directory.

The concept, which I've probably read 1000 times, seems so simple but I'm
just not seeing it happen on the PC. I was thinking maybe the Easy setting had
something to do with it or maybe SuSE is using ACLs which I know nothing
about. From my reading it looks like that is something particular to SuSE.

Regards-Michael G.

>
> Are you *sure* an ordinary user can actually write a file in one of
> those directories? The "execute" permission on a directory means you
> can cd to it and the "read" permission lets the group look at it, but
> if the "write" permission is turned off for that group, you should
> not be able to create a new file *or* change an existing one.
>
>
> > Looking at YaST I see if I go to Security and Users, click Security
> > Settings, under miscellaneous settings the setting of file
> > permissions is set to "easy". Is this correct and does that explain
> > why it seems that the user group has full access to directories
> > owned by others? Thanks.
> >
>
> I've never really delved into the settings for "easy" and "secure".
> I think it has more to do with how Yast will change permissions on
> files automatically, but I'm not sure. Hopefully, someone will know
> this answer . . .
>
>
> --
> Kevin Nathan (Montana, USA)
> Open standards. Open source. Open minds.
> The command line is the front line.
>
> Linux 2.4.10-4GB
> 10:00pm up 5 days, 8:53, 5 users, load average: 0.01, 0.07, 0.15
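
Added example, not part of the original thread: the owner/group/other check described in the quoted reply, written as a shell function and applied to the mode and ownership reported above (rw-r--r--, root:root, user myuser in group user). The helper names `mode_allows_write` and `explain_write` are hypothetical; `explain_write` assumes GNU `stat` and, when the kernel's answer differs from the mode bits, points at the two usual causes (running as uid 0, or ACL entries on the path).

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# mode_allows_write MODE OWNER GROUP USER "GROUPS..."
# Prints which permission class applies (owner, group or other) and
# returns 0 only if that class has the write bit. Exactly one class is
# consulted: an owner is never granted access by the group or other bits.
mode_allows_write() {
    m=$(( 0$1 & 0777 ))                  # octal mode, permission bits only
    class=other; bits=$(( m & 7 ))
    if [ "$4" = "$2" ]; then
        class=owner; bits=$(( (m >> 6) & 7 ))
    else
        for g in $5; do
            if [ "$g" = "$3" ]; then
                class=group; bits=$(( (m >> 3) & 7 )); break
            fi
        done
    fi
    echo "$class"
    [ $(( bits & 2 )) -ne 0 ]
}

# explain_write PATH: compare the mode-bit answer for the current user with
# what the kernel reports. Assumes GNU stat (-c). To check whether files can
# be created or renamed, run it on the directory instead of the file.
explain_write() {
    path=$1
    info=$(stat -c '%a %U %G' "$path") || return 1
    set -- $info
    if mode_allows_write "$1" "$2" "$3" "$(id -un)" "$(id -Gn)" >/dev/null
    then predicted=yes; else predicted=no; fi
    if [ -w "$path" ]; then actual=yes; else actual=no; fi
    echo "$path mode=$1 owner=$2 group=$3 predicted=$predicted actual=$actual"
    if [ "$predicted" != "$actual" ]; then
        echo "mismatch: check 'id' for uid 0 and 'getfacl $path' for ACL entries"
    fi
}

# The case from the post, with constructed values: mode 644, root:root,
# user myuser whose only group is "user".
if mode_allows_write 644 root root myuser "user"; then
    echo "write allowed by mode bits"
else
    echo "write denied by mode bits"
fi
```

On a live system, `explain_write /etc/samba/smb.conf` run from the affected account shows whether the kernel agrees with the mode bits.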


