Hi everyone, jsut wondering about the permissions in i.e. /sbin and /etc/init.d I found a lot (in /sbin nearly all) programs do have 755 and root.root The permission in rc.config are set to PERMISSION_SECURITY="secure local" Stumbled over this on a RH system but SuSE seems not to do better. Or is this considered harmless? Christian -- we reject: kings, presidents, religions we accept: working code
* Christian Lox (lox@netzwerkplanet.de) [020302 09:57]:
jsut wondering about the permissions in i.e. /sbin and /etc/init.d
I found a lot (in /sbin nearly all) programs do have 755 and root.root The permission in rc.config are set to PERMISSION_SECURITY="secure local" Stumbled over this on a RH system but SuSE seems not to do better. Or is this considered harmless?
That's your decison but set PERMISSION_SECURITY="paranoid local" and run SuSEconfig to make this much more restrictive. Of course, you can set whatever you want in /etc/permissions.local as well. -- -ckm
jsut wondering about the permissions in i.e. /sbin and /etc/init.d
I found a lot (in /sbin nearly all) programs do have 755 and root.root The permission in rc.config are set to PERMISSION_SECURITY="secure local" Stumbled over this on a RH system but SuSE seems not to do better. Or is this considered harmless?
That's your decison but set PERMISSION_SECURITY="paranoid local" and run SuSEconfig to make this much more restrictive. Of course, you can set whatever you want in /etc/permissions.local as well.
Chris is right. In addition to that, restricting access to these binaries
does not make much sense. A local user brings his own binaries if you
chmod them, and if you're not root, permissions 755 don't matter that much
for most cases in /sbin. Examples: fdisk, e2fsck, quotaon, mingetty,
ipchains, ...
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (3)
-
Christian Lox
-
Christopher Mahmood
-
Roman Drahtmueller