Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Antwort: Re: [suse-security] Permissions of /root

> The only sense I can make out of the 711 permission is that root wants
> to have an executable script in /root/bin, which other users should be
> able to execute.

Permissions 0711 on a directory don't make files inside it executable.
Permissions 0711 on a directory mean group and world are allowed to change into
that directory. But while not having the readable flag set, these are not
allowed to look at directory content. Thus

Permissions set:

0711 /root
0700 /root/bin
0755 /root/public_html

Assume nobody.nobody:

cd /root/public_html
ls
-> dir list

cd /root/bin
-> error - no permission

cd /root
ls
-> error - no permission

cd bin
-> error - no permission

this weakens security a little bit. root especially has to be suspicious about
files in '/root'. They all mustn't be readable by group and world. This is
problematic if root tends to be your working account -- but you know, you
mustn't work being root... ;-)

--
Thomas
< Previous Next >
This Thread
  • No further messages