[opensuse] Something keeps setting my home directory to group-writable!
Hi all. Some apparently misconfigured process on my system keeps setting my home directory to group-writable (perms 775 instead of 755). It happened after a reboot last night (when I was rearranging some power and network cabling) and again after I issued a mount -a -o remount whilst troubleshooting another issue. Both times I su'ed to root and did chmod 755
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2011-11-21 at 15:55 +1030, Rodney Baker wrote:
Is there any way to trace what process is changing the write perms on /home/<user>? Anything I can turn on to audit this? I'd love to track this down and make sure that it stops!
Fri, 06 Mar 2009 12:39:26 -0300 Cristian Rodríguez wrote about a trick to learn who was changing /dev/null: +++··················· # auditctl -w /dev/null -p a # auditctl -e 1 and then watch the logs... if auditctl is not found, when you execute it as root, install package .. use "ausearch -f /dev/null" to get precise results of what is changing permissions of /dev/null ···················++- HTH - -- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk7K6tIACgkQtTMYHG2NR9WzegCgiOMS/zWoHb82sg6BiwGzr8j5 kRgAn0aPrxyZUOrskxevei5RKynCHncc =m50g -----END PGP SIGNATURE-----
On Tue, 22 Nov 2011 10:50:34 Carlos E. R. wrote:
On Monday, 2011-11-21 at 15:55 +1030, Rodney Baker wrote:
Is there any way to trace what process is changing the write perms on /home/<user>? Anything I can turn on to audit this? I'd love to track this down and make sure that it stops!
Fri, 06 Mar 2009 12:39:26 -0300 Cristian Rodríguez wrote about a trick to learn who was changing /dev/null:
+++··················· # auditctl -w /dev/null -p a # auditctl -e 1
and then watch the logs... if auditctl is not found, when you execute it as root, install package .. use "ausearch -f /dev/null" to get precise results of what is changing permissions of /dev/null ···················++-
HTH
Thanks, Carlos. I just found the docs on the audit framework and was looking through it when your reply appeared. I've set it up to watch /home/<user> so we'll see what happens. :-) -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2011-11-22 at 11:01 +1030, Rodney Baker wrote:
Thanks, Carlos. I just found the docs on the audit framework and was looking through it when your reply appeared. I've set it up to watch /home/<user> so we'll see what happens.
:-)
Welcome! I'll be very interested to learn if that trick works (never used it myself), and also to learn what is changing your system. - -- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk7LA6QACgkQtTMYHG2NR9UWKACfaY/0kIlQeCqC1jWNRryqsUJg 904An3r5Oerihx8sathEX/KVT9WzuHXW =lv3/ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
Carlos E. R.
-
Rodney Baker