Re: [gentoo-user] I (user) can write to / ... but why?
Dirk Heinrichs wrote:
> No. It isn't mounted by you. You own it (at least this directory). Use
>
> find / -xdev -uid 1000

Ahh, so what you are saying is that I own the / directory. Hmm, how could that have happened, and on 2 separate machines? I never thought of / being a directory, more like the base where initial directories were placed on. Anyway, when I get home today from work I'll check and change the permissions. Thanks for the heads-up.

> to find out if more files are owned by that user. Just to be safe, repeat it on /usr, too. If you find files with wrong ownership, run
>
> find / -xdev -uid 1000 -exec chown root:root {} \;

Yeah, there are other files scattered throughout the filesystem owned by me. Some are due to being compiled as me, and installed as root, and others I'm not too sure about. Again, thanks for the tips, and I'll do a followup on this once I confirmed /.

Greetings
Ralph

--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] I (user) can write to / ... but why?
Neil Bothwick wrote:
>> The option you mean is 'user' not 'users'. But I can't imagine how this makes sense on /
>
> Actually, both user and users are valid mount options, with slightly different meanings. Neither is applicable here though, because / is mounted by root and both options only affect the ability to mount a device, not the permission to read/write it.

Thanks, didn't know that one. If I understand this right, then 'users' allows all users to unmount the filesystem, instead of just the user who did mount it in the first place?

Christoph
--
echo mailto: NOSPAM !#$.'*'|sed 's. ..'|tr * !#:2 [EMAIL PROTECTED]
Re: [gentoo-user] I (user) can write to / ... but why?
On Tuesday, 16 August 2005 09:00, ext Ralph Slooten wrote:
> Yeah, there are other files scattered throughout the filesystem owned by me. Some are due to being compiled as me, and installed as root

If they were installed as root, they would be owned by root. The reason must be another. But since / is owned by you, it would have been possible to also make install as that user.

Bye...
Dirk
--
Dirk Heinrichs          | Tel: +49 (0)162 234 3408
Configuration Manager   | Fax: +49 (0)211 47068 111
Capgemini Deutschland   | Mail: [EMAIL PROTECTED]
Hambornerstraße 55      | Web: http://www.capgemini.com
D-40472 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
Re: [gentoo-user] I (user) can write to / ... but why?
On Tue, 16 Aug 2005 09:14:41 +0200, Christoph Gysin wrote:
> Thanks, didn't know that one. If I understand this right, then 'users' allows all users to unmount the filesystem, instead of just the user who did mount it in the first place?

Yes, that's it.

--
Neil Bothwick

The Japanese call us lazy, but at least we cook our fish!
Re: [gentoo-user] I (user) can write to / ... but why?
On Tue, 2005-08-16 at 09:00 +0200, Ralph Slooten wrote:
> Dirk Heinrichs wrote:
>> No. It isn't mounted by you. You own it (at least this directory). Use
>>
>> find / -xdev -uid 1000
>
> Ahh, so what you are saying is that I own the / directory. Hmm, how could that have happened, and on 2 separate machines? I never thought of / being a directory,

this is unix, everything is a file, so / is a file, it just happens to be the filetype that is a directory. Sorry I have no idea how you came to own it though.

> more like the base where initial directories were placed on. Anyway, when I get home today from work I'll check and change the permissions. Thanks for the heads-up.

--
Nick Rout [EMAIL PROTECTED]
Re: [gentoo-user] I (user) can write to / ... but why?
On Tue, 2005-08-16 at 21:26 +1200, Nick Rout wrote:
> On Tue, 2005-08-16 at 09:00 +0200, Ralph Slooten wrote:
>> Dirk Heinrichs wrote:
>>> No. It isn't mounted by you. You own it (at least this directory). Use
>>>
>>> find / -xdev -uid 1000
>>
>> Ahh, so what you are saying is that I own the / directory. Hmm, how could that have happened, and on 2 separate machines? I never thought of / being a directory,
>
> this is unix, everything is a file, so / is a file, it just happens to be the filetype that is a directory. Sorry I have no idea how you came to own it though.

This seems to be a bug in the 2005.* installer.

>> more like the base where initial directories were placed on. Anyway, when I get home today from work I'll check and change the permissions. Thanks for the heads-up.
>
> --
> Nick Rout [EMAIL PROTECTED]
RE: [gentoo-user] I (user) can write to / ... but why?
-----Original Message-----
From: Dirk Heinrichs [mailto:[EMAIL PROTECTED]
Sent: 16 August 2005 08:18
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] I (user) can write to / ... but why?

> On Tuesday, 16 August 2005 09:00, ext Ralph Slooten wrote:
>> Yeah, there are other files scattered throughout the filesystem owned by me. Some are due to being compiled as me, and installed as root
>
> If they were installed as root, they would be owned by root. The reason must be another. But since / is owned by you, it would have been possible to also make install as that user.

Could it have something to do with axllent being in the portage group and the latter being left with its default access rights? (running as root)

--
Regards,
Mick
Re: [gentoo-user] I (user) can write to / ... but why?
Frank Schafer wrote:
> This seems to be a bug in the 2005.* installer.

I actually used iirc 2004.[2-3] or something which I still had lying around. That version I did use for both my workstation and laptop. My server was another version (no idea which though, one later I guess 2004.4?).

Anyway, I tested at work on a test machine running gentoo and it was fine there too, however I was able to change permissions as earlier was suggested, replicating the circumstances. Again, I'll only definitely be sure when I get home this evening if it's the same issue I have.

The problem with this security flaw is that you don't *just see* it ... I wonder how many other users have this issue. Was the bug linked always possibly to UID 1000 ?
Re: [gentoo-user] I (user) can write to / ... but why? (solved)
The problem on both my laptop and workstation was simply the fact that the root partition (/) was owned by UID=1000 GID=100. Apparently this is a bug, but a simple `chown root:root /` was sufficient to fix the problem, and I also changed several file-permissions in underlying directories (like usr).

Thanks all for your help

Greetings
Ralph

Ralph Slooten wrote:
> Hiya all,
>
> Now I feel *really* stupid asking this, but for the life of me I cannot work it out. On two machines here at home I discovered that I can write as a particular normal user to the root partition (/). This also means I can rename /root to /root1 if I want (I just tried), and create / delete files on / too.
>
> The strange thing is this does not work for another account (wife's) on the same machine, which seems to have the same permissions. It's almost like / is getting mounted by user axllent here. Other partitions that get mounted do not work, just /
>
> I have checked fstab:
> /dev/hda3  /  reiserfs  noatime  0 0
>
> In /etc/lilo.conf (on one machine that uses it) I have:
> image=/boot/vmlinuz-2.6.11.10
>     label=2.6.11.10
>     root=/dev/hda3
>     vga=791
>     read-only
>
> the permissions of /dev/hda3 are:
> [EMAIL PROTECTED] ~ $ ll /dev/hda3
> lr-xr-xr-x 1 root root 33 Aug 15 18:55 /dev/hda3 -> ide/host0/bus0/target0/lun0/part3
> [EMAIL PROTECTED] ~ $ ll /dev/ide/host0/bus0/target0/lun0/part3
> brw--- 1 root root 3, 3 Jan 1 1970 /dev/ide/host0/bus0/target0/lun0/part3
>
> My groups for this user on both machines are:
> wheel audio cdrom games cdrw usb users portage
> wheel audio at usb users
>
> My wife who cannot write to / has
> wheel audio games usb users
>
> Using Reiserfs3.
>
> Does anyone have any idea what's causing this, and possibly how I can make / read-only?
>
> Greetings
> Ralph
[gentoo-user] I (user) can write to / ... but why?
Hiya all,

Now I feel *really* stupid asking this, but for the life of me I cannot work it out. On two machines here at home I discovered that I can write as a particular normal user to the root partition (/). This also means I can rename /root to /root1 if I want (I just tried), and create / delete files on / too.

The strange thing is this does not work for another account (wife's) on the same machine, which seems to have the same permissions. It's almost like / is getting mounted by user axllent here. Other partitions that get mounted do not work, just /

I have checked fstab:
/dev/hda3  /  reiserfs  noatime  0 0

In /etc/lilo.conf (on one machine that uses it) I have:
image=/boot/vmlinuz-2.6.11.10
    label=2.6.11.10
    root=/dev/hda3
    vga=791
    read-only

the permissions of /dev/hda3 are:
[EMAIL PROTECTED] ~ $ ll /dev/hda3
lr-xr-xr-x 1 root root 33 Aug 15 18:55 /dev/hda3 -> ide/host0/bus0/target0/lun0/part3
[EMAIL PROTECTED] ~ $ ll /dev/ide/host0/bus0/target0/lun0/part3
brw--- 1 root root 3, 3 Jan 1 1970 /dev/ide/host0/bus0/target0/lun0/part3

My groups for this user on both machines are:
wheel audio cdrom games cdrw usb users portage
wheel audio at usb users

My wife who cannot write to / has
wheel audio games usb users

Using Reiserfs3.

Does anyone have any idea what's causing this, and possibly how I can make / read-only?

Greetings
Ralph
Re: [gentoo-user] I (user) can write to / ... but why?
Daniel da Veiga wrote:
> Have you tried adding users to your fstab?

Have you read the post before answering? The option you mean is 'user' not 'users'. But I can't imagine how this makes sense on /

Christoph
--
echo mailto: NOSPAM !#$.'*'|sed 's. ..'|tr * !#:2 [EMAIL PROTECTED]
Re: [gentoo-user] I (user) can write to / ... but why?
On Mon, 15 Aug 2005 21:45:48 +0100 Neil Bothwick wrote:
> On Mon, 15 Aug 2005 22:21:52 +0200, Christoph Gysin wrote:
>>> Have you tried adding users to your fstab?
>>
>> Have you read the post before answering? The option you mean is 'user' not 'users'. But I can't imagine how this makes sense on /
>
> Actually, both user and users are valid mount options, with slightly different meanings. Neither is applicable here though, because / is mounted by root and both options only affect the ability to mount a device, not the permission to read/write it.
>
> What does ls -ld / show?

after that

id ralph
id wife

will show the differences between the accounts - perhaps ralph is in the root group?

> --
> Neil Bothwick
>
> Windows Error #10: Insufficient money spent in hardware.

--
Nick Rout [EMAIL PROTECTED]
Re: [gentoo-user] I (user) can write to / ... but why?
> What does ls -ld / show?

[EMAIL PROTECTED] ~ $ ls -ld /
drwxr-xr-x 20 axllent users 456 Aug 15 20:05 /

Looks like it's mounted by me ;-) LOL.
Re: [gentoo-user] I (user) can write to / ... but why?
Nick Rout wrote:
> after that
>
> id ralph
> id wife
>
> will show the differences between the accounts - perhaps ralph is in the root group?

workstation ~ # id axllent
uid=1000(axllent) gid=100(users) groups=100(users),10(wheel),18(audio),35(games),80(cdrw),85(usb),250(portage)
workstation ~ # id sanne
uid=1001(sanne) gid=100(users) groups=100(users),10(wheel),18(audio),35(games),85(usb)

It appears not, but if I look at the post one thread above yours (`ls -ld /`) it seems to make sense, the root partition is mounted apparently by me, right?

Thanks all so far for the ideas
Ralph
Re: [gentoo-user] I (user) can write to / ... but why?
On Tuesday, 16 August 2005 07:17, ext Ralph Slooten wrote:
>> What does ls -ld / show?
>
> [EMAIL PROTECTED] ~ $ ls -ld /
> drwxr-xr-x 20 axllent users 456 Aug 15 20:05 /
>
> Looks like it's mounted by me ;-) LOL.

No. It isn't mounted by you. You own it (at least this directory). Use

find / -xdev -uid 1000

to find out if more files are owned by that user. Just to be safe, repeat it on /usr, too. If you find files with wrong ownership, run

find / -xdev -uid 1000 -exec chown root:root {} \;

NOTE: This assumes you don't have a single partition for everything. If you have one single, large partition for everything, mounted as /, you may want to exclude some directories from the search (i.e. /home, see man find for details).

HTH...
Dirk
--
Dirk Heinrichs          | Tel: +49 (0)162 234 3408
Configuration Manager   | Fax: +49 (0)211 47068 111
Capgemini Deutschland   | Mail: [EMAIL PROTECTED]
Hambornerstraße 55      | Web: http://www.capgemini.com
D-40472 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
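
Added example, not part of the original thread: a read-only form of the audit described in the message above (`find / -xdev -uid 1000`, with the /home exclusion from its NOTE), so the list can be reviewed before any `chown` is run. It assumes GNU stat and find; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: a read-only ownership audit.
# Assumes GNU stat and find (as on Gentoo); function names are hypothetical.

# owner_of PATH: print "uid:gid" of PATH itself (numeric form of `ls -ld /`).
owner_of() {
    stat -c '%u:%g' -- "$1"
}

# list_owned_by ROOT UID [PRUNE_DIR...]: print paths under ROOT owned by UID,
# staying on ROOT's filesystem (-xdev) and skipping each PRUNE_DIR subtree.
list_owned_by() {
    root=$1 uid=$2
    shift 2
    n=$#
    # Rewrite each remaining argument DIR into "-path DIR -prune -o".
    while [ "$n" -gt 0 ]; do
        set -- "$@" -path "$1" -prune -o
        shift
        n=$((n - 1))
    done
    find "$root" -xdev "$@" -uid "$uid" -print
}

# Constructed demo tree standing in for / (no real system paths are touched).
demo=$(mktemp -d)
mkdir -p "$demo/usr/bin" "$demo/home/user"
: > "$demo/usr/bin/tool"
: > "$demo/home/user/notes"

echo "owner of tree root: $(owner_of "$demo")"
# Everything in the demo tree belongs to the invoking user; the home-like
# subtree is pruned, so only the tree root and the usr/ entries are listed.
list_owned_by "$demo" "$(id -u)" "$demo/home"
rm -rf "$demo"
```

On a real system the equivalent calls are `owner_of /` (expected `0:0`) and `list_owned_by / 1000 /home`, with the output reviewed before changing any ownership.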