On Sun, 27 May 2001, Diwakar Ranganathan spewed into the ether:
<snip>
> things right. sometime back i secured a user's home
> directory by such a command read in a book and tested
I've been wondering about this for the past week.
Do you mean you did a chmod 700 /home/$user to secure it?
Those should be the default permissions for the home directory, unless
you allow those users to put up web pages.

> it by trying to enter it as another user. it worked
> fine. but the root directory must have to be dealt in
> a different way, i guess...
If you mean /, it *has* to be 755.

Note on permissions:
Permissions are expressed as a 12 bit value.
Each of the bits represents one permission.
In order, the bitwise permissions granted are:
(Split into groups of 3 for comfort)
100 000 000 000 --> Run with owner permissions/Access with owner 
permissions.
010 000 000 000 --> Same as above, for group.
001 000 000 000 --> Set sticky bit, implying that the user can delete 
his/her own files, but no one else's. This is set on shared directories
like /tmp/

000 100 000 000 --> Read permission for user
000 010 000 000 --> Write permission for user
000 001 000 000 --> Execute permission for user.

The next three bits specify the above for the group, and the last
three for others.

To obtain the final value of permissions, XOR the correct fields from 
this list.
Each group of three is represented in octal, first bit = 4, second = 2 
and third = 1.
Permissions of 1777 (/tmp) --> Everyone can read files here, write here 
and cd into this directory. However they cannot delete other people's
files, but only their own.

Permissions of 0755 --> Read, write and execute for owner, read and 
execute for everyone else. Anyone can run the program/script, but only
the owner can modify it.

4755 --> Same as above, but this program will always run with the 
privileges of its owner.
This is *dangerous*. The number of SUID/SGID programs should be 
minimised, and almost no binary getting data from untrusted sources 
need be suid. A hole in such a binary will lead to root access.

2755 --> Run with group privileges. Still dangerous.

I hope this longish mail clarifies the situation slightly.

Devdas Bhagat
-- 
skldfjkljklsR%^&(IXDRTYju187pkasdjbasdfbuil
h;asvgy8p       23r1vyui135    2
kmxsij90TYDFS$$b        jkzxdjkl bjnk ;j        nk;<[][;-==-<<<<<';[,
                [hjioasdvbnuio;buip^&(FTSD$%*VYUI:buio;sdf}[asdf']
                                sdoihjfh(_YU*G&F^*CTY98y


Now look what you've gone and done!  You've broken it!

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/linux-india-help
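
The bit layout described in the mail above, as an added example that is not part of the original message: it decodes an octal mode into the twelve bits in the order listed and flags the SUID/SGID cases the mail warns about. The function names are hypothetical, the sample modes are constructed from the ones discussed, and the world-writable checks are an assumption added for contrast with 1777.

```python
import stat

# The 12 permission bits in the order the mail lists them (highest bit first).
BITS = [
    (stat.S_ISUID, "setuid"),
    (stat.S_ISGID, "setgid"),
    (stat.S_ISVTX, "sticky"),
    (stat.S_IRUSR, "user-read"),
    (stat.S_IWUSR, "user-write"),
    (stat.S_IXUSR, "user-exec"),
    (stat.S_IRGRP, "group-read"),
    (stat.S_IWGRP, "group-write"),
    (stat.S_IXGRP, "group-exec"),
    (stat.S_IROTH, "other-read"),
    (stat.S_IWOTH, "other-write"),
    (stat.S_IXOTH, "other-exec"),
]

def decode(mode):
    """Return (12-bit binary string in groups of 3, names of the bits set)."""
    mode &= 0o7777
    bits = format(mode, "012b")
    grouped = " ".join(bits[i:i + 3] for i in range(0, 12, 3))
    return grouped, [name for mask, name in BITS if mode & mask]

def findings(mode, is_dir=False):
    """Flag the cases the mail calls out, plus world-writable without sticky."""
    mode &= 0o7777
    out = []
    if not is_dir and mode & stat.S_ISUID:
        out.append("setuid: runs with owner's privileges")
    if not is_dir and mode & stat.S_ISGID:
        out.append("setgid: runs with group's privileges")
    if mode & stat.S_IWOTH:
        if is_dir and not mode & stat.S_ISVTX:
            out.append("world-writable directory without sticky bit")
        elif not is_dir:
            out.append("world-writable file")
    return out

if __name__ == "__main__":
    # Constructed samples: the modes from the mail, plus 0777 for contrast.
    samples = [(0o700, True), (0o1777, True), (0o777, True),
               (0o755, False), (0o4755, False), (0o2755, False)]
    for m, d in samples:
        print(format(m, "04o"), *decode(m), findings(m, d))
```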