Re: [lmi] Is 'chmod 771' merely silly, yet not harmful?

From: Greg Chicares
Subject: Re: [lmi] Is 'chmod 771' merely silly, yet not harmful?
Date: Mon, 17 Feb 2020 23:12:34 +0000

On 2020-02-16 23:37, Vadim Zeitlin wrote:
> On Sun, 16 Feb 2020 21:50:37 +0000 Greg Chicares <address@hidden> wrote:
> GC> Invoking 'install_redhat.sh' causes these commands to be executed:
> GC> 
> GC>   mkdir -p   /srv/chroot/"${CHRTNAME}"
> GC>   chgrp lmi  /srv/chroot/"${CHRTNAME}"
> GC>   chmod 2770 /srv/chroot/"${CHRTNAME}"
> GC>   umask 0007
>  I'm curious, what's the reason for using such restrictive umask for the
> "other" users, especially knowing that there aren't supposed to be any?

If I spent an hour reading about coronavirus, and I had a face mask
handy, I might start wearing it. (If I had read just enough, that is,
to be ill informed; with more thorough knowledge, I'd realize that
the main benefit of a face mask is to make an already-infected wearer
less likely to infect others.)

In this case, I read some articles claiming that a default 022 umask
is too liberal, and 027 is more secure. Accordingly, I chose 007 here
instead of 002. But tell me if you'd prefer 002 and I'll make it so.

> GC> which gives /var/chroot.../usr/sbin/policy-rc.d 0771 permissions
> GC> and ownership of root:lmi.
> [...]
> GC> Vadim--Do you agree that this doesn't require any correction?
>  What I don't understand is why can't you just do "chmod 755" on it? Is
> there something obvious I'm missing here? Because this looks like by far
> the simplest way to ensure that no problems happen.

I was trying to decide among the various complex approaches that had
occurred to me, and this simple idea didn't cross my mind. Adopted
in commit 2bfa77a4366.
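
As an added illustration (not part of the original message and not code from lmi's scripts): the script below reports the modes that new files and directories receive under the four umask values mentioned in this thread, and lists files whose "other" bits grant execute without read, as in the 0771 mode discussed above. It assumes GNU `stat` and `find`; the function names and temporary paths are made up for the example.

```shell
#!/bin/sh
# Added example: function names and paths are constructed for illustration.
# Assumes GNU coreutils (stat -c) and GNU find (-perm -MODE).

# Print "<file-mode> <dir-mode>" for a file and a directory created under
# the given umask. The body is a subshell so the umask change does not leak.
modes_under_umask() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    : > "$d/file"      # open() requests 0666; the umask clears bits from it
    mkdir "$d/dir"     # mkdir requests 0777; the umask clears bits from it
    f=$(stat -c %a "$d/file")
    s=$(stat -c %a "$d/dir")
    rm -rf "$d"
    echo "$f $s"
)

# List regular files under $1 that "other" may execute but not read
# (for example 0771). If such a file is an interpreted script, "other"
# still cannot run it, because the interpreter has to read the file.
exec_without_read() {
    find "$1" -type f -perm -001 ! -perm -004 -print
}

# Build a constructed tree with three sample modes and audit it.
demo() (
    t=$(mktemp -d) || exit 1
    for m in 0771 0755 0770; do
        : > "$t/f$m"
        chmod "$m" "$t/f$m"
    done
    ( cd "$t" && exec_without_read . )
    rm -rf "$t"
)

for u in 022 027 002 007; do
    echo "umask $u -> file/dir modes: $(modes_under_umask "$u")"
done
echo "execute-without-read for other: $(demo)"
```
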
