Carolyn Jarie Getter, [EMAIL PROTECTED], said:
> I think I run into trouble mostly when my files are buried ten
> directories down a tree. Okay, maybe not ten, but definitely down the
> tree. Am I correct that to read, write or execute, say, three
> directories down a tree, I have to give read, write, and execute
> privileges to each of the directories in that tree?
> That makes me a bit nervous.

No. You do not need read and write on the directories above. You only need execute.
Basically, for directories, read lets you ls, write lets you create files, and execute lets you cd into it and get at anything in it (or its subdirectories).

Example:

    > ls -l
    total 24
    drw-r--r-- 2 user group 8192 Jun 19 13:47 no_execute
    d-wx--x--x 2 user group 8192 Jun 19 13:48 no_read

For a directory with read permissions but no execute permissions, I can ls it (read), but I cannot cd into it, or read files inside it, even if I have read permissions on the file.

    > ls no_execute/
    file subdir
    > cd no_execute/
    no_execute/: Permission denied.
    > cat no_execute/file
    cat: cannot open no_execute/file

I also cannot cd to subdirectories.

    > cd no_execute/subdir
    no_execute/subdir: Permission denied.

For a directory with execute permissions but no read permissions, I can't ls it, but I can cd into it and read files in it.

    > ls no_read/
    no_read/: Permission denied
    > cat no_read/file
    stuff
    >

I can also cd into subdirs (and ls them)

    > cd no_read/subdir
    > ls

You might want to try some of this yourself (on scratch files, of course) to see what you can and cannot do (owner of the file can always change permissions).

It's good that you're nervous about that. Many security holes arise from someone not being nervous enough, or ignoring their nervousness.

> The SUID bit has me a bit perplexed as well. I swear that I have it set
> on the appropriate files, but I can't get whatever it is to function.
> Yesterday, I tried to get ppp working using SUID where I thought
> necessary. No cigars. Login as root and I get it running no sweat.
> Incredibly frustrating, that, especially when it happens nearly every
> time I try to install something!

(error messages and ls -l ing the appropriate files would be nice if you're asking for help. Nobody else can tell what's going on if you just say "It doesn't work")

Last time I set up ppp it involved quite a few scripts and programs; you may be missing a few.

But really, what's wrong with running it as root? Even if nobody cracks root with it (which, iirc, would be fairly trivial with my ppp; it would allow you to specify a program to run when the connection went up or down), there are any number of fun (or for you, not so fun) things that can be done with suid ppp, such as kill your connection, make your modem call 1-900 numbers, get your ISP password, etc.

> Reading about the security problems bad permissions and SUID open up
> doesn't make it any easier! I'm finding far too much of the
> documentation reads something like "There are some lamers who SUID on
> file LMNOP. That is such a stupid and obvious security hole." There
> is nothing said about what the lamer should be doing.

IMO, many Linux distributions are insecure enough as installed, but I agree that the big flashing "DON'T EVER EVER DO THIS" is a bit overused; it'd be far more useful to explain why.

Remember, every time you make something suid, you're just adding another possible way to get root. Generally, if you've got a suid executable, and someone can make it (or any program it calls, or library it uses) crash, or convince it to write over any executable, or essentially do anything it wasn't exactly meant to do, they can get root.

_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
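
Added example, not part of the original message: a small Python check that walks a path one directory at a time and reports the first directory lacking the execute (search) bit, using the modes from the ls -l listing above plus a three-deep chain of execute-only directories. The function names and the scratch tree are constructed for illustration; the check looks at mode bits only, so it ignores ACLs and root's override.

```python
import os
import tempfile

def perm_bits(st, uid, gids):
    """rwx triplet (0-7) the kernel applies: owner bits, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def explain_access(path, uid, gids, base="/"):
    """Walk from base down to path (path must lie under base). Each directory
    on the way needs only the execute (search) bit; read and write are not
    required. Returns (reachable, blocking_dir, bits_on_target)."""
    base, path = os.path.abspath(base), os.path.abspath(path)
    rel = os.path.relpath(path, base)
    current = base
    for part in ([] if rel == "." else rel.split(os.sep)):
        if not perm_bits(os.stat(current), uid, gids) & 1:
            return (False, current, None)   # cannot search this directory
        current = os.path.join(current, part)
    return (True, None, perm_bits(os.stat(current), uid, gids))

def build_scratch_tree():
    """Constructed sample tree: no_execute (rw-) and no_read (-wx) as in the
    message, plus a/b/c where every directory is execute-only (--x)."""
    base = tempfile.mkdtemp()
    for d in ("no_execute", "no_read", "a/b/c"):
        os.makedirs(os.path.join(base, d))
        with open(os.path.join(base, d, "file"), "w") as fh:
            fh.write("stuff\n")
    # Deepest first, and the no-execute directory last, so each chmod can
    # still reach its target.
    for d, mode in (("a/b/c", 0o111), ("a/b", 0o111), ("a", 0o111),
                    ("no_read", 0o311), ("no_execute", 0o644)):
        os.chmod(os.path.join(base, d), mode)
    return base

if __name__ == "__main__":
    me = os.getuid(), set(os.getgroups()) | {os.getgid()}
    root = build_scratch_tree()
    for rel in ("no_execute/file", "no_read/file", "a/b/c/file"):
        print(rel, explain_access(os.path.join(root, rel), *me, base=root))
```

The scratch tree is left in the temporary directory; chmod its directories back to 700 before deleting it.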