well this is a security bummer


crp
8 minutes ago, securitybreach said:

What permissions did the user have? If you do not want this to happen, you have to set the permissions on your /home/ to 0750 using:

 

 


sudo chmod 0750 /home/crp

 

 

Explained further here: https://www.howtogeek.com/190084/how-to-prevent-other-users-from-accessing-your-home-directory-in-ubuntu-14.04/

Why is the default of total access to /home considered safe?

Link to comment
Share on other sites

securitybreach

Well, I do not know why the distro decided to use 755, as it allows anyone in the users group to look at other users' directories.

 

Quote

According to an Ubuntuforums.org staff member, it is to make it easier to share files between new users.

 

https://askubuntu.com/questions/46501/why-can-other-users-see-the-files-in-my-home-folder

Link to comment
Share on other sites

V.T. Eric Layton

Same for me, Josh... 700 (owner r-w-x, group - - -, other - - - )...

 

drwx------ 46 vtel57 users  4096 Oct  1 09:00 vtel57/

 

  • +1 1
Link to comment
Share on other sites

Interesting, never considered that before. Default in my Debian is drwxr-xr-x which is 751. I guess the x for others enables them to see other directories but not read what's in them without the r.

Link to comment
Share on other sites

V.T. Eric Layton

Of course, y'all already know this, but others may be interested...

 

r = read

w = write

x = execute

 

___

 

0 = No Permission

1 = Execute (--x)

2 = Write (-w-)

3 = Execute + Write (-wx)

4 = Read (r--)

5 = Read + Execute (r-x)

6 = Read + Write (rw-)

7 = Read + Write + Execute (rwx)

  • Like 1
  • Thanks 1
  • +1 1
Link to comment
Share on other sites

securitybreach
14 minutes ago, V.T. Eric Layton said:

Thanks. I still remember some of this stuff. ;)

 

Lots of linux users nowadays do not even understand or use permissions. I am not referring to you crp but I just mean all the users who know little about linux beyond clicking on apps and such. I love how linux has grown but I still preferred the times when you had to be a computer geek to configure and use linux.

  • Agree 1
Link to comment
Share on other sites

13 hours ago, V.T. Eric Layton said:

Yes, they've all been Ubuntu-ised. ;)

I probably resemble that remark.  LOL!

 

While I no longer use Ubuntu, it has many fine features which make it an ideal (IMO) distro for new linux users.  You shouldn't HAVE TO be a mechanic in order to drive a car.  While I'm certain those mechanic skills will come in handy at some point, most people just want to DRIVE the car.  And let's be honest......the overwhelming majority of computer users are Windows users.  It's a hard sell to get most of those users to even try something new, no matter how much "better" it is.  But then to tell 'em they've got to develop some "mechanic skills" in order to switch, is it any wonder almost everyone says "nah....I just wanna DRIVE the car" and stays with Windows?

  • +1 1
Link to comment
Share on other sites

Aside from the insane idea of setting permissions to 777, I don't see them as a big deal on a system that has one user aside from root and no likelihood of ever having any more. Maybe I'm missing something just going with the defaults here. Or not.

  • Agree 1
  • +1 2
Link to comment
Share on other sites

I have a question.

 

I have set  my home for me only,

 

 Put brain in gear befor pressing enter14:34:26-->Sat Oct 02-->~
-->ls -ld /home/bloodaxe
drwx------ 47 bloodaxe bloodaxe 4096 Oct  2 14:25 /home/bloodaxe

 

However I do and get

 

 Put brain in gear befor pressing enter14:28:41-->Sat Oct 02-->~
-->ls -al
total 376
drwx------  47 bloodaxe bloodaxe  4096 Oct  2 14:25  .
drwxr-xr-x   4 root     root      4096 Jan 14  2021  ..
drwxr-xr-x  18 bloodaxe bloodaxe  4096 Sep 22 12:12  ABCMinors
-rw-r--r--   1 bloodaxe bloodaxe    12 Feb  3  2021  .alsoftrc
drwxr-x---   2 bloodaxe bloodaxe  4096 Aug 10 14:49  .android
drwxr-xr-x   3 bloodaxe bloodaxe  4096 Apr 16 13:46  BACKUPS
-rw-------   1 bloodaxe bloodaxe 11048 Oct  2 10:51  .bash_history
-rw-r--r--   1 bloodaxe bloodaxe    21 Dec 20  2020  .bash_logout
-rw-r--r--   1 bloodaxe bloodaxe    57 Dec 20  2020  .bash_profile
-rw-r--r--   1 bloodaxe bloodaxe  2152 Aug 26 09:48  .bashrc

 

According to the above ABCMinors has execute permissions for anyone. Yet I get this from a gui

 

[image: fUTecPd.png]

 

Can anyone explain what is going on as I am a tad confused. 🤔

Link to comment
Share on other sites

V.T. Eric Layton
2 hours ago, Hedon James said:

You shouldn't HAVE TO be a mechanic in order to drive a car.

 

Relax, HJ... I actually agree with you. I've converted many family and friends to GNU/Linux over the last decade or so. I couldn't have done that with Slackware or Arch. Ubuntu (Mint, also) made that possible.

 

1 hour ago, raymac46 said:

I don't see them as a big deal on a system that has one user...

 

Sure, it's probably not necessary. Maybe Josh and I are just a bit paranoid. ;)

 

21 minutes ago, abarbarian said:

Can anyone explain what is going on as I am a tad confused.

 

The simple answer is that your permissions are NOT set for "just you". However, it's easily fixed in one quick step:

 

#chmod -R 700 /home/bloodaxe

 

Actually, that might not be such a good idea. Some applications and modes of operation need access to the data in your /home directory. You should ONLY "chmod -R 700" on your personal directories within the /home directory. Do NOT limit access to config files, themes, icons, etc. That will trash your system, I believe.

 

I'm glad I caught this before you did anything. I blame it on not enough coffee this AM.

 

Have fun!

 

 

.

  • Like 1
  • +1 1
Link to comment
Share on other sites

V.T. Eric Layton

By the way, @abarbarian... your GUI permissions are the same as your command line permissions. It's just that the GUI is using different terms...

 

- view content = Read (r)

- change content = Write (w)

- access content = Execute (x)

 

Your terminal view shows:

 

drwxr-xr-x  18 bloodaxe bloodaxe  4096 Sep 22 12:12  ABCMinors

 

Your GUI shows:

 

View - Anyone

 

Change - Only Owner

 

Access - Anyone

 

This is correct! In the ls -a display, you see "drwxr-xr-x":

 

- d = directory

- first triad (rwx) = owner -> owner (you) can read, write, and execute this file

- second triad (r-x) = group -> group can read and execute

- third triad (r-x) = users -> any users can read and execute

 

In other words, the permissions for this particular file are 755.

 

Clear as mud, eh?

  • Like 1
  • +1 1
Link to comment
Share on other sites
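
Added example, not part of any post in this thread: reaching a directory requires search (x) permission on every directory in its path, so the 755 mode shown for ABCMinors only matters to other users if /home/bloodaxe itself lets them through. The sketch below reads modes from `ls -ld` the same way the posts do; the function names `other_triad` and `other_can_list` and the temporary directory layout are constructed for illustration, and ACLs are not considered.

```shell
#!/bin/sh
# Added example: constructed layout, hypothetical function names.
# Access to a path needs search (x) permission on every directory in it,
# so one 0700 parent shuts other users out of everything beneath it.

# Print the "other" triad (e.g. "r-x") of a path, as shown by `ls -ld`.
other_triad() {
    ls -ld -- "$1" | cut -c8-10
}

# other_can_list TARGET [ROOT]
# Exit 0 only if users outside owner and group could list TARGET: r and x
# on TARGET itself, plus x on each parent up to (not including) ROOT.
other_can_list() {
    dir=$1
    root=${2:-/}
    case $(other_triad "$dir") in
        r-x|r-t|rwx|rwt) ;;      # read + search on the target itself
        *) return 1 ;;
    esac
    dir=$(dirname -- "$dir")
    while [ "$dir" != "$root" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        case $(other_triad "$dir") in
            ??x|??t) ;;          # search bit set, keep walking up
            *) echo "blocked at $dir"
               return 1 ;;
        esac
        dir=$(dirname -- "$dir")
    done
    return 0
}

# Constructed layout mirroring the thread: a home directory with a 755 child.
demo() {
    base=$(mktemp -d)
    mkdir -p "$base/home/bloodaxe/ABCMinors"
    chmod 755 "$base/home" "$base/home/bloodaxe/ABCMinors"
    for mode in 700 750 755; do
        chmod "$mode" "$base/home/bloodaxe"
        if other_can_list "$base/home/bloodaxe/ABCMinors" "$base" >/dev/null; then
            echo "home=$mode: others can list ABCMinors"
        else
            echo "home=$mode: others cannot list ABCMinors"
        fi
    done
    rm -rf "$base"
}
demo
```
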

3 hours ago, V.T. Eric Layton said:

 

Relax, HJ... I actually agree with you. I've converted many family and friends to GNU/Linux over the last decade or so. I couldn't have done that with Slackware or Arch. Ubuntu (Mint, also) made that possible.

 

 

Sure, it's probably not necessary. Maybe Josh and I are just a bit paranoid. ;)

 

It's all good Eric.  Just an observation about the catch-22 situation(s) we encounter when introducing new users to Linux.  I've got nothing scientific to back it up, but my own personal observations are that about 98% of Windows users, and 100% of OSX users just want to "drive the car".  Empirically, this explains the approximate 2% market share of Linux as an OS.  So about 2% of us (including everyone on this forum) are mechanically inclined, and drive "hot rod" Operating Systems!  😎

  • Agree 1
Link to comment
Share on other sites

Honestly, I have to put myself more in the driver category than the tinkerer one. I did a lot of tinkering in my early days because things like WPA wifi could not be implemented without resorting to CLI and special configuration files. That is all behind us now.

Even my use of a real tinkerer's distro like Arch is more for its lightweight characteristics, rolling release, and stability.

Linux Mint made it possible to keep two nine-year-old Sandy Bridge machines working for my son-in-law's family and they have used them for months to do the kids' remote learning without incident.

Permissions have always been a minefield for me. I can't remember how many times I copied picture files from a CD onto a system, only to find that I had no ownership or control afterwards.  Permissions were essential if you were the admin of a megauser UNIX operation back in the day. But I think sometimes they are overkill for a simple Linux system. YMMV of course.

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

I only tinker (get under the hood) when necessary these days. I just want the thing to come on and WORK when I press that ON/OFF button. ;)

  • Like 1
  • +1 1
Link to comment
Share on other sites

I did a bit of tinkering recently to get my Debian bookworm install back to the way I like it. I wouldn't say this is something I enjoyed though.

I am not totally averse to tinkering or I would just install Linux Mint on everything. You have to be willing to fix/configure stuff to explore distros like Arch or Debian testing. Goes with the territory.

Edited by raymac46
  • Agree 2
Link to comment
Share on other sites

Tinker is a good description.  I'm a tinkerer who likes to get things custom fit for my personal preferences.  But once I get it to that place, I just want to maintain it without much hassle...I just wanna drive it!

  • Agree 1
  • +1 1
Link to comment
Share on other sites

V.T. Eric Layton

Part of the reason I don't tinker much is that I only have one working system these days. The days of having 5 or 6 laptops and towers around here are gone. I still have my workshop system, but it has a dead PSU. Since it's not a critical machine, I haven't bothered to repair it, even though Bob (Amenditman) mentioned that he probably had a good PSU he could give me.

 

I have NO laptops at all nowadays.

 

Of course, with Slackware (as with Arch), under-the-hood work is sometimes required. Not a problem. After 15+ years of running Slackware as my primary OS, I can usually fudge my way around under that hood relatively proficiently. When it's something above my pay grade, though, I find much assistance with Slackware at Jeremy's Linux Questions forum. :)

 

I have a strong feeling that when this current Main System smokes, I'll probably be saying bye-bye to computers and Internetting altogether. I've cut back on it quite a lot over the last few years. I'm pretty sure I could live without it. My only regrets would be missing my online friends and YouTube music. :)

Link to comment
Share on other sites

I've had personal computers since 1982, so no chance I say goodbye to them in my lifetime. Maybe I won't have the insane collection I have now, but I'll have at least ONE. And it won't be a Smartphone.

My wife's mother is 91, doesn't speak English much anymore, and no she isn't computer literate. We live 2 hours away. Without online access we could not book lab appointments for her, complete the Canadian census, pay her cable TV bill, get her vaccinated against COVID or send money to my brother-in-law for emergency house repairs. And that is just one little old lady. She likes looking at her childhood town in Italy on Google Earth too.

I just spent two hours changing my online accounts to a new credit card, so it isn't all rainbows and unicorns. Shoulda stuck with PayPal.

  • Like 1
  • +1 1
Link to comment
Share on other sites

V.T. Eric Layton

For some, the Internet/computers are a necessity. That's OK. For me, though, they're not. I can still write a check to pay bills. All I need is $$$. ;)

Link to comment
Share on other sites

On 10/2/2021 at 4:28 PM, V.T. Eric Layton said:

A quick little permissions tutorial written by a fellow Slacker and pal o' mine, Mathew Fillpot about a decade ago...

 

https://www.linux.com/training-tutorials/understanding-linux-file-permissions/

 

Neat article and guide.

 

I was confused over the " x " meaning and his explanation helped.

 

Quote

execute – The Execute permission affects a user’s capability to execute a file or view the contents of a directory.

 

😎

  • +1 1
Link to comment
Share on other sites
