Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

[Debian v3.0 r2] /root & /home/* are worldreadable?!

Posted on 2004-07-30
2
Medium Priority
?
243 Views
Last Modified: 2010-04-22
Hi,
I just want to know if the following is a bug in Debian:

I checked the default (out of the box) permissions of my freshly installed Debian 3.0 r2 installation and found that all directories under /home and the /root are world-readable and world-executable.

Is this normal?

Because I was used to RedHat 8 and all default permissions were 0750 over there...
0
Comment
Question by:dplus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Expert Comment

by:Mysidia
ID: 11677464
It's completely normal, and is the default for home directories and /root to be world readable and executable.

For one thing, home directories generally need to be world executable if users are running web sites from a public_html
directory: otherwise, the web server can't get in

(Execute permission on a directory means the ability to access data in it, and get into the immediate child
  directories. Read permission on a directory means the ability to get the list of the names of files stored in that
  directory.)

Users often want to share files with each other on a multiuser system.   If they're working with information that needs to be kept secret, they should of course set the permissions on individual files to read by owner only.

(That way if they want to share something later, when they "open up their home directory" they won't be opening up more than they think to the world)

For the privacy concerned, the best practice is to set a good UMASK that controls default permissions of new files
and directories... it's an option that can be set in the login script, .profile, .tcshrc, .cshrc, etc...  i.e.
 umask 077

077  makes new files mode 600 by default and new directories mode 700 by default, for example
(Since 0777 - 077 = 0700    and  (0700 & 0666) = 0600)


0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 150 total points
ID: 11677560
> For one thing, home directories generally need to be world executable if users are running web sites from a public_html directory: otherwise, the web server can't get in

NO, NO
this example just shows a purely/unsecure  configured web server
(rest of explanation is good:)

'cause this is a security TA, I'd sugest 0700 for /home/* and /root
if there is something to share, 0750 for /home/* (but that's unsecure in most cases)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question