Hooray for Permissions
| Ruediger 2005-03-01, 5:45 pm |
| Hello,
After solving numerous troubles I had ( former postings all problems solved
in one or another way, thank you all very much ) I found that I am able to
read and edit /etc/passwd as a normal user. Actually, all permissions seem
to be of the same security level as Windows, aka: Guest may format
everything.
On SuSE there is a tool to set permissions globally, which changes the
permissions according to several security levels ( changing SUID on many
files, setting some more read and / or write bits on numerous files ) , is
there a similar solution for Debian? I'm not looking forward to checking 25k
files for their permissions!
--
Sincerely
Ruediger
| |
| John Hasler 2005-03-01, 5:45 pm |
| Ruediger writes:
> I found that I am able to read and edit /etc/passwd as a normal
> user. Actually, all permissions seem to be of the same security level as
> Windows, aka: Guest may format everything.
If I understand you correctly (I know little about Microsoft Windows) root
must have run 'chmod -R a+rw /'.
> On SuSE there is a tool to set permissions globally, which changes the
> permissions according to several security levels ( changing SUID on many
> files, setting some more read and / or write bits on numerous files ) ,
> is there a similar solution for Debian?
There are tools that check permissions on some sensitive files, but none
that I know of that fix everything.
--
John Hasler
| |
| Peter J Ross 2005-03-01, 8:45 pm |
| On Tuesday 01 March, Ruediger wrote in alt.os.linux.debian:
> Hello,
> After solving numerous troubles I had ( former postings all problems solved
> in one or another way, thank you all very much ) I found that I am able to
> read and edit /etc/passwd as a normal user.
You ought to be able to read it as a normal user but not modify it.
[~]$ ls -l /etc/passwd
-rw-r--r-- 1 root root 1300 2005-02-17 22:55 /etc/passwd
> Actually, all permissions seem
> to be of the same security level as Windows, aka: Guest may format
> everything.
> On SuSE there is a tool to set permissions globally, which changes the
> permissions according to several security levels ( changing SUID on many
> files, setting some more read and / or write bits on numerous files ) , is
> there a similar solution for Debian? I'm not looking forward to checking 25k
> files for their permissions!
You could try using a tool such as bastille, but it isn't guaranteed
to find every problem.
PJR :-)
--
alt.usenet.kooks award-winners and FAQ:
http://www.insurgent.org/~kook-faq/
[To reply by email, remove "NOSPAM".]
| |
| Schott 2005-03-02, 5:45 pm |
| On Tue, 01 Mar 2005 15:58:33 +0100, Ruediger wrote:
> Hello,
>
> After solving numerous troubles I had ( former postings all problems solved
> in one or another way, thank you all very much ) I found that I am able to
> read and edit /etc/passwd as a normal user.
Hello,
/etc/passwd readable by anyone is OK with me. Being writable by anyone is
a huge security hole, as anyone can understand.
I don't know how you got in this situation, but correct permissions for
/etc/passwd are:
-rw-r--r-- 1 root root
so the best advice I can give you is: chown root:root /etc/passwd ; chmod
644 /etc/passwd .
BTW, you should also check /etc/shadow: -rw-r----- 1 root shadow on sarge
( -rw------- would look right to me)
Best regards,
Schott
| |
| Neil Woods 2005-03-04, 7:45 am |
| On Tue, Mar 01 2005, Ruediger wrote:
> Hello,
>
> After solving numerous troubles I had ( former postings all problems
> solved in one or another way, thank you all very much ) I found that I
> am able to read and edit /etc/passwd as a normal user. Actually, all
> permissions seem to be of the same security level as Windows, aka:
> Guest may format everything.
Then you have a potential security nightmare.
> On SuSE there is a tool to set permissions globally, which changes the
> permissions according to several security levels ( changing SUID on
> many files, setting some more read and / or write bits on numerous
> files ) , is there a similar solution for Debian? I'm not looking
> forward to checking 25k files for their permissions!
You can install tiger, which will perform a security audit of your
machine. I'm not aware of any tool which will reset perms on a global
basis.
--
Neil Woods <cnw+usenet@pobox.com>
/* The Unixverse ends on Tue, 19 Jan 2038 03:14:07 +0000 */
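
As an added example (not part of any post in this thread, and not code from tiger or bastille): a read-only shell audit that lists world-writable files and directories and compares /etc/passwd and /etc/shadow with the modes Schott quotes for sarge. The function names are hypothetical, and GNU find and GNU stat are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): read-only permission audit.
# Assumes GNU find and GNU stat, as shipped on Debian.

# Print regular files and directories under $1 that are world-writable.
# Symlinks are ignored (their mode bits are not used) and sticky
# directories such as /tmp are skipped, since mode 1777 is intended there.
find_world_writable() {
    find "$1" -xdev \( -type f -perm -0002 \
        -o -type d -perm -0002 ! -perm -1000 \) -print 2>/dev/null
}

# Compare one file against an expected octal mode and owner:group.
# Prints a finding and returns 1 on mismatch, 2 if the file cannot be read.
check_mode() {
    cm_got=$(stat -c '%a %U:%G' "$1" 2>/dev/null) || {
        echo "MISSING $1"; return 2; }
    if [ "$cm_got" != "$2 $3" ]; then
        echo "MISMATCH $1: have $cm_got, want $2 $3"
        return 1
    fi
    return 0
}

# Audit the two files named in the thread, then every directory given.
# Returns 0 only when nothing was reported.
audit() {
    au_rc=0
    check_mode /etc/passwd 644 root:root   || au_rc=1
    check_mode /etc/shadow 640 root:shadow || au_rc=1
    for au_dir in "$@"; do
        au_hits=$(find_world_writable "$au_dir")
        if [ -n "$au_hits" ]; then
            printf '%s\n' "$au_hits" | sed 's/^/WORLD-WRITABLE /'
            au_rc=1
        fi
    done
    return "$au_rc"
}

# Run only when directories are passed, e.g.:  sh audit.sh /etc /usr /var
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

The script changes nothing; it only reports, so each finding can be reviewed before any chmod or chown is applied.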