Re: Feature Request: disallow world-writable files in chmod

From: Ben Lentz
Subject: Re: Feature Request: disallow world-writable files in chmod
Date: Thu, 4 Jul 2013 09:35:49 -0400

On Thu, Jul 4, 2013 at 8:12 AM, Jaroslav Rakhmatoullin
<address@hidden> wrote:
> If a user wants to (makes the mistake of) let others delete their files,
> it's not "your job" to teach them otherwise. Compare to "real life"; someone
> leaves a bike on the street unlocked and someone else steals it. Does it
> make sense to file a complaint to the police department about not educating
> people of this danger? Now, if the user has an elevated role on your system

I agree, although (where I work) the sysadmin staff is held
responsible for file system permission audits and penetration test
results. A bit unfair as we have users on our systems that cause the
findings... I don't have any FAT32 in my environment and past
experience (shell histories) has shown that users are, in fact, doing
this to themselves.

An ounce of prevention is worth a pound of cure, and I think we may be
able to agree that 777ing a whole mess of files is generally not a
necessary thing to do - so if I can help stop a user from
"incorrectly" setting permissions by giving them a warning message,
that may help reduce the number of wide-open files I have on my
systems. This reduces the security exposure I have as well.

While I do agree with restricting something like this at the kernel
level (SELinux or whatnot), I guess I was hoping for something a
little more portable (operating system agnostic) and perhaps a little
less drastic.

Like I said, never mind... throw me on the pile of rejected feature requests :-)
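
The warning described in this message can be approximated outside chmod itself with a portable POSIX shell wrapper. What follows is an added example, not part of the original message and not coreutils code; the function names grants_world_write and warn_chmod are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): warn when a chmod mode
# argument grants write permission to "other".

# grants_world_write MODE: exit 0 if MODE (octal or symbolic) sets o+w.
# Permission copies such as "o=u" depend on the file and are not evaluated.
grants_world_write() {
    case $1 in
        '') return 1 ;;
        *[!0-7]*) ;;                 # not octal: parse as symbolic below
        *[2367]) return 0 ;;         # octal: write bit set in the last digit
        *) return 1 ;;
    esac
    list=$1,
    while [ -n "$list" ]; do
        clause=${list%%,*}; list=${list#*,}
        who=${clause%%[-+=]*}; rest=${clause#"$who"}
        case $who in
            '') case $(umask) in *[2367]) continue ;; esac ;;  # bare +w obeys umask
            *[oa]*) ;;               # clause applies to "other" or "all"
            *) continue ;;           # u/g only: cannot grant o+w
        esac
        op=
        while [ -n "$rest" ]; do     # walk the clause one character at a time
            c=${rest%"${rest#?}"}; rest=${rest#?}
            case $c in
                [-+=]) op=$c ;;
                w) case $op in [+=]) return 0 ;; esac ;;
            esac
        done
    done
    return 1
}

# warn_chmod: wrapper that warns on stderr, then runs the real chmod unchanged.
warn_chmod() {
    for arg in "$@"; do
        case $arg in
            -[!rwxXstugo]*) continue ;;   # option such as -R or --recursive
        esac
        # The first non-option argument is the mode.
        if grants_world_write "$arg"; then
            echo "warning: mode '$arg' makes files world-writable" >&2
        fi
        break
    done
    command chmod "$@"
}
```

Installed as a shell function or alias for chmod in the system-wide profile, this only warns; it does not stop a user who calls /bin/chmod directly.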
