Kevan,

On Wednesday 02 March 2005 07:13, Kevanf1 wrote:
On Tue, 01 Mar 2005 07:29:24 -0800, Chris Carlen <crcarle@sandia.gov> wrote:
...
Change your global umask to 000 and see how secure your system is. Will Linux stop you?
No idea. What does it do? Honestly, I don't know. Should I? Is there a site where I can learn more about security on Linux? I would be very interested to know about it as I feel it is in everybody's interests for all of us to have a secure system. This then cuts down on junk traffic (virii etc) which then leaves more bandwidth for everybody.
The Unix / Linux concept of the "umask" is probably somewhat obscure, but you really should know about it, especially if you're responsible for administration (of one or more systems).

Every time a file system entity (typically either a file or a directory) is created, the program that does so passes an integer argument to the Unix / Linux kernel specifying what permissions it might have. This is a bit-field value that corresponds to the rwxrwxrwx-style mode string printed in the left-most column of an "ls -l" listing. The value passed for this permission is typically "maximal" in the sense that it allows the greatest possible access that makes sense for the kind of entity being created. These values are usually 0666 for plain, non-executable files and 0777 for executable files and directories. (When specified numerically, octal radix is usually used since the bits in a file mode come in groups of 3. Symbolically, these modes are rw-rw-rw- and rwxrwxrwx, resp.)

But the kernel does not use the program-supplied mode unchanged. Instead, it turns off the bits from that mode that are set in the umask. This slightly odd-seeming definition makes sense when you consider that it allows cooperative roles between the software, which knows which permission bits are meaningful for the kind of file it's creating (the distinction mostly regarding the execute permission bits), and the user, who knows how permissive they want to be with the files they own.

So, to go back to Chris' original point, if you set your umask to 000, then every file you create will have full access to all users. The program (let's say a text editor) will specify 0666 (rw-rw-rw-) and the zero umask will de-assert none of those bits. Your files are readable and writable by everyone who has access to your system (and to the directory in which those files reside).
If you're working in a cooperative environment where groups are used to reflect working relationships between various users, then a umask of 002 might be appropriate. Then those files newly created by that text editor would end up with mode 664 (rw-rw-r--).

In an environment where a system is shared by users each of whom is working on their own, an appropriate umask might be 022, in which case new plain files would end up with the mode 644 (rw-r--r--).

In a paranoid environment where you need to keep your own files private (and not merely safe from tampering), a umask of 044 might be appropriate (or even 055, if you're producing executable files, say, if you're a student using a shared system and taking a programming class). In this case, new plain files would get the mode 0600 (rw-------).

The next step is to understand how mode bits are special for directories. I'll leave that tutorial for someone else to write.
...
Kevan Farmer
Randall Schulz
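
The mechanism described in the message above can be observed directly. The following is an added example, not part of the original thread: it creates a file requesting 0666 and a directory requesting 0777 under several umasks and reads back the modes the kernel actually assigned. The names `created_modes` and `mode_string` are hypothetical, and 077 is an extra mask value not taken from the message.

```python
import os
import stat
import tempfile

# Masks 000, 002 and 022 are the ones discussed in the message;
# 077 is an extra value added for this example.
MASKS = (0o000, 0o002, 0o022, 0o077)


def created_modes(mask):
    """Create a file requesting 0666 and a directory requesting 0777 while
    `mask` is the process umask; return the permission bits actually set."""
    # Make the scratch directory first so the mask under test cannot affect it.
    with tempfile.TemporaryDirectory() as base:
        fpath = os.path.join(base, "file")
        dpath = os.path.join(base, "dir")
        old = os.umask(mask)          # os.umask returns the previous mask
        try:
            # The program passes the "maximal" mode; the kernel clears the umask bits.
            fd = os.open(fpath, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o666)
            os.close(fd)
            os.mkdir(dpath, 0o777)
        finally:
            os.umask(old)             # always restore the caller's umask
        fmode = os.stat(fpath).st_mode & 0o777
        dmode = os.stat(dpath).st_mode & 0o777
    return fmode, dmode


def mode_string(mode):
    """Render permission bits as the rwxrwxrwx string that ls -l prints."""
    return stat.filemode(mode)[1:]    # drop the leading file-type character


if __name__ == "__main__":
    for mask in MASKS:
        fmode, dmode = created_modes(mask)
        print(f"umask {mask:03o}: file {fmode:04o} {mode_string(fmode)}  "
              f"dir {dmode:04o} {mode_string(dmode)}")
```

Run as a script, it prints one line per mask; the umask of the calling process is restored after each test.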