[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Re: who owns what

From: David Woolley
Subject: Re: lynx-dev Re: who owns what
Date: Sat, 10 Oct 1998 11:52:18 +0100 (BST)

> this is the result of  ksh pathto $HOME :
> drwxr-xr-x   32 root     sys         1024 Sep 30 12:28 /
> lrwxr-xr-x    1 root     sys           13 Jul 13  1995 /homes -> var/adm/homes
>   drwxr-xr-x   32 root     sys         1024 Sep 30 12:28 /
>   drwxr-xr-x   32 root     sys          512 Sep 25 07:28 /var
>   drwxr-xr-x   12 adm      adm          512 Oct  6 20:26 /var/adm
This might well cause some security sensitive software to consider the
home directory unsafe, as the normal rule would be not-writeable to,
or owned by, anyone except the actual user or root.  Because of common,
but probably nowadays unsafe, useage, bin might be accepted as an alternative
to root.

It looks like someone has been shoe-horning directories into whatever 
filesystem would take them and hasn't thought of the ownership consequences.

>   drwxr-xr-x    2 root     sys        99328 Oct  9 09:09 /var/adm/homes

This is big, and might cause performance problems, although the current users'
path information will probably be cached.  Most people would split the 
directory, up, which seems to be the purpose of the u7 part in
the homefs form of the directory name.

I guess there may be an NFS mount somewhere here, but the obvious thing
would have been to put /homefs/u7/purslow directly into the passwd file.

>   lrwxr-xr-x    1 root     sys           18 Mar  5  1998 
> /var/adm/homes/purslow -> /homefs/u7/purslow
>     drwxr-xr-x   32 root     sys         1024 Sep 30 12:28 /
>     drwxr-xr-x   29 root     sys          512 Aug 25 23:41 /homefs
>     drwxr-xr-x   32 root     sys          512 Oct  8 12:19 /homefs/u7
>     drwx--x--x    9 purslow  user         512 Oct  9 07:53 /homefs/u7/purslow

Someone has already commented that this allows access to known filenames.
Most default home directory setups are 755, from the days when Unix was 
used by cooperating workgroups.  It is possible that this has been done
to give a system daemon access to one of your . files, without giving
directory listing permission to every one.  It is probably better to
have 755 on the home directory and reserve 700 for secure subdirectories.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]