Permissive Permissions
Thomas P. Mitchell
mitch at rock.SGI.COM
Thu May 11 12:05:52 AEST 1989
In article <8905101550.AA02500 at lerc08.nas.nasa.gov>, fsfacca at LERC08.NAS.NASA.GOV (Tony Facca) writes:
>
> >> I fail to see what the problem is? / has world-writable, so what?!
> >> I would be concerned if it didn't.
It is a security problem --
chmod 555 / ; is the "school solution"
>
> I suppose it's just a matter of personal preference. Some folks set the
> default permissions on the user's directory to 700 so that users can't go
chmod 700 or 500 is wrong.
Many tools need read and search permissions -- Programs
which run with low user ID numbers run as users to limit
security problems. See things like lp.
> snooping around in each others' directories. Personally, I think 755 is fine.
> If I have sensitive data I can explicitly set the permissions.
Each user should own his own home dir. He can set it to 700
if he wishes -- but that is nearly anti-social. A better choice is
again 755 for $HOME and 700 for $HOME/someplace_private.
> However, by default, 777 on root?? / is no place for novice users to have
True. It is wrong. Also simple to fix.
> write permission. Moreover, if / is writeable by anybody, why even bother
> with a /tmp? I don't know, it just doesn't *smell* right. I'd have to agree
^^^^ tis wrong.
Exactly -- /tmp and /usr/tmp are 777 so anyone can make
tmp files. Most users should use /usr/tmp/ by default
because it is larger. Many system tools must use the
smaller /tmp because the /usr filesystem may not be
mounted.
Will the original poster email me the Serial Numbers of
the machines so I can follow up on this? I am mitch at sgi.com
--
-------------
Thomas P. Mitchell (mitch at sgi.com)
Rainbows -- The best (well second best) reason for windows.
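
An added example, not part of the original post: a POSIX shell check of the modes recommended in the message above (/ not world-writable, /tmp and /usr/tmp world-writable, home directories readable and searchable by others). It runs only against a constructed tree in a temporary directory; the usr/people home location and all function names are assumptions.

```shell
#!/bin/sh
# Added example; function names and the usr/people layout are assumptions.

# has_bits PATH OCTAL: true when every permission bit in OCTAL is set on PATH.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_tree ROOT: treat ROOT as a stand-in for / and print one FAIL line
# per deviation from the modes the post recommends.
audit_tree() {
    root=$1
    if has_bits "$root" 002; then
        echo "FAIL / is world-writable (post: chmod 555 /)"
    fi
    for sub in tmp usr/tmp; do
        if ! has_bits "$root/$sub" 002; then
            echo "FAIL /$sub is not world-writable; users cannot create temp files"
        fi
    done
    for h in "$root"/usr/people/*; do
        [ -d "$h" ] || continue
        if ! has_bits "$h" 005; then
            echo "FAIL ${h#"$root"} lacks read/search for others (tools such as lp need it)"
        fi
        if has_bits "$h" 002; then
            echo "FAIL ${h#"$root"} is world-writable"
        fi
    done
    return 0
}

# make_sample_tree: build a constructed tree with the modes argued about in
# the thread (777 on the stand-in for /, one 700 home) and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tmp" "$d/usr/tmp" "$d/usr/people/alice" "$d/usr/people/bob"
    chmod 777 "$d" "$d/tmp" "$d/usr/tmp"
    chmod 755 "$d/usr/people/alice"
    chmod 700 "$d/usr/people/bob"
    echo "$d"
}

# Demo on the constructed tree: reports the 777 root and the 700 home.
tree=$(make_sample_tree)
audit_tree "$tree"
rm -rf "$tree"
```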