LinuxQuestions.org
Old 08-08-2010, 12:09 PM   #1
petroska
LQ Newbie
 
Registered: Feb 2008
Posts: 4

Rep: Reputation: 0
File Permissions and Logs


Hi,

I am on a computer with several user accounts, and I just found out that all my files had rwx permissions for all users by default. The first question is: can I somehow see if somebody copied any of these files (I know that I can check the timestamps with ls -lu, but that doesn't tell me if somebody copied the file).

The second question is: what does it mean that a directory has a rwx--x--x permission? What can the others do with the folder?

Thanks
 
Old 08-08-2010, 12:28 PM   #2
zootboy
Member
 
Registered: Nov 2008
Location: In a dumpster, with my laptop.
Distribution: Fedora
Posts: 124

Rep: Reputation: 25
It would be difficult to tell if anyone has copied your files, but you could run a simple 'find' command on the computer to see if there are any copies lurking around.

As for your second question, welcome to the world of Linux file permissions. A good tutorial will really help you out, but here's the answer to your question:
The directory (permissions 711) gives full Read/Write/eXecute permission to the owner. It gives only eXecute permission to group and all users. Execute permission gives the user the ability to 'cd' into the directory. In this situation, that is mostly harmless because they cannot read or write data in the folder, nor can they list the files.
 
Old 08-08-2010, 12:31 PM   #3
rew
Member
 
Registered: May 2010
Posts: 35

Rep: Reputation: 3
... but note that they can access files in those directories (respecting the permissions on those files) if they know the filename.
 
Old 08-08-2010, 12:49 PM   #4
zootboy
Member
 
Registered: Nov 2008
Location: In a dumpster, with my laptop.
Distribution: Fedora
Posts: 124

Rep: Reputation: 25
Good point. The permissions of the parent directory do not always automatically protect the files inside the directory, and my post may have been a bit misleading. Here's some clarification: If the directory has execute permissions, a user can 'cd' into the directory and read any files that have read permissions. If the directory does not have execute permissions, a user cannot read files in that directory. In either case, a user needs read permissions to list the files in a directory.
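The directory rules worked out in posts #2 to #4, as an added example that is not part of any post in this thread: shell functions that classify, from mode bits alone, whether users outside the owner and group can read a file under a given top directory. The function names are hypothetical, and the check assumes no ACLs are in use and that the directories above the top directory are traversable.

```shell
#!/bin/sh
# Added example: classify what "others" can do with a file from mode bits alone.
# Assumes directories above TOP are traversable and that no ACLs are in use.

# Print the three "others" permission characters of a path, e.g. "--x".
other_bits() { ls -ld -- "$1" | cut -c8-10; }

# others_access TOP FILE  ->  prints none | by-name | listable
others_access() {
    top=${1%/}
    file=$2
    # The file itself needs the others-read bit.
    case $(other_bits "$file") in r??) ;; *) echo none; return 0 ;; esac
    result=listable
    dir=$(dirname "$file")
    while :; do
        bits=$(other_bits "$dir")
        # Without search (x, or t on a sticky directory) nothing below is reachable.
        case $bits in ??x|??t) ;; *) echo none; return 0 ;; esac
        # Search without read: the file opens by exact path but cannot be listed.
        case $bits in r??) ;; *) result=by-name ;; esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then break; fi
        dir=$(dirname "$dir")
    done
    echo "$result"
}

# audit TOP: report every regular file under TOP that others can read.
# File names containing newlines are not handled.
audit() {
    find "$1" -type f | while IFS= read -r f; do
        a=$(others_access "$1" "$f")
        if [ "$a" != none ]; then printf '%s\t%s\n' "$a" "$f"; fi
    done
}
```

Running `audit "$HOME"` prints one line per exposed file, tagged `by-name` (reachable only with the exact path) or `listable` (also visible in a directory listing).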
 
Old 08-08-2010, 12:59 PM   #5
rahulkya
Member
 
Registered: Feb 2009
Location: New Delhi
Distribution: Linux mint,Ubuntu,Debian,RHEL 5,slackware 13.1, free BSD,solaris.
Posts: 186
Blog Entries: 3

Rep: Reputation: 33
You can use chown and chmod for further security.
 
Old 08-08-2010, 01:07 PM   #6
zootboy
Member
 
Registered: Nov 2008
Location: In a dumpster, with my laptop.
Distribution: Fedora
Posts: 124

Rep: Reputation: 25
And with both of those commands, you can make them apply recursively (all sub-directories and files within) by using the -R flag.

For example:

Code:
chmod -R 700 /home/zootboy/secrets/
would make my whole secrets folder, along with all the files and folders in it, unreadable to everyone but me (and root).
 
Old 08-08-2010, 02:54 PM   #7
petroska
LQ Newbie
 
Registered: Feb 2008
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by zootboy
Good point. The permissions of the parent directory do not always automatically protect the files inside the directory, and my post may have been a bit misleading. Here's some clarification: If the directory has execute permissions, a user can 'cd' into the directory and read any files that have read permissions. If the directory does not have execute permissions, a user cannot read files in that directory. In either case, a user needs read permissions to list the files in a directory.
So if I set the permission of my home folder to rwx------, and if there is a file in the folder which has rwxrwxrwx and someone knows the name and the path to this file, he wouldn't be able to read it? And if the home folder had rwx--x--x, he could read it?

Regarding the copying, isn't there at least some log where such information could be stored (apart from bash history of users)?
 
Old 08-08-2010, 03:51 PM   #8
zootboy
Member
 
Registered: Nov 2008
Location: In a dumpster, with my laptop.
Distribution: Fedora
Posts: 124

Rep: Reputation: 25
That is correct. A user has to be able to 'cd' into the directory of a file in order to read it.

As for copying, there is no built-in log of these sorts of things. If you'd like to set one up, look into the 'audit' package. It is a very powerful system logging and monitoring package.
 
Old 08-08-2010, 06:17 PM   #9
jv2112
Member
 
Registered: Jan 2009
Location: New England
Distribution: Arch Linux
Posts: 719

Rep: Reputation: 103
If you really want a list of what has been accessed, the format below for find can work.


Code:
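# Quote the pattern so the shell passes it to find instead of expanding it in the current directory.
sudo find /home/ -type f -atime +1 -iname '*mp3' > Concerns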
/home/ --> Directories you are concerned about

-atime +# --> # of days since concern.

*XXX (mp3 above) --> break it down by file extension to get smaller sub sets or leave off if you want a full list.

Then just open "Concerns" with any text editor to review.
 
Old 08-08-2010, 10:58 PM   #10
zootboy
Member
 
Registered: Nov 2008
Location: In a dumpster, with my laptop.
Distribution: Fedora
Posts: 124

Rep: Reputation: 25
That will only show when the file was last accessed at all. It won't really reveal which user did it. Also, some processes may access your files automatically, like updatedb. I'm not sure if it would affect the find command listed above, but other cron jobs may.
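The 'audit' package suggested in post #8 records which account opened a watched file, which the access time discussed in posts #9 and #10 cannot show. As an added example that is not part of any post in this thread, the shell function below reduces audit records to one line per read event; the watch rule, the key name `private-read`, the path `/home/alice/private` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed watch rule in audit.rules (path and key are hypothetical):
#   -w /home/alice/private -p r -k private-read
# Constructed sample of the records such a rule writes to the audit log.
sample_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1281294000.101:501): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2201 pid=2250 auid=1002 uid=1002 gid=1002 comm="cp" exe="/bin/cp" key="private-read"
type=PATH msg=audit(1281294000.101:501): item=0 name="/home/alice/private/notes.txt" inode=131 dev=08:01 mode=0100777
type=SYSCALL msg=audit(1281297600.440:617): arch=c000003e syscall=2 success=yes exit=4 items=1 ppid=1 pid=3100 auid=4294967295 uid=0 gid=0 comm="updatedb" exe="/usr/bin/updatedb" key="private-read"
type=PATH msg=audit(1281297600.440:617): item=0 name="/home/alice/private" inode=130 dev=08:01 mode=040711
type=SYSCALL msg=audit(1281298000.002:650): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2201 pid=2290 auid=1003 uid=1003 gid=1003 comm="cat" exe="/bin/cat" key="private-read"
type=PATH msg=audit(1281298000.002:650): item=0 name="/home/alice/private/notes.txt" inode=131 dev=08:01 mode=0100600
EOF
}

# reads_by_key KEY: audit records on stdin -> "auid uid comm success path" per event.
reads_by_key() {
    awk -v key="$1" '
    # Return the value of name=value on the current record, quotes stripped.
    function field(name,    i, kv, v) {
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) { v = $i; sub(/^[^=]*=/, "", v); gsub(/"/, "", v); return v }
        }
        return ""
    }
    { id = $2 }   # msg=audit(time:serial): ties the records of one event together
    $1 == "type=SYSCALL" && field("key") == key {
        who[id] = field("auid") " " field("uid") " " field("comm") " " field("success")
        order[++n] = id
    }
    $1 == "type=PATH" && field("item") == "0" { path[id] = field("name") }
    END { for (i = 1; i <= n; i++) print who[order[i]], path[order[i]] }
    '
}
```

In the output, an auid of 4294967295 marks a process with no login session, such as the updatedb cron job mentioned in post #10, and `success=no` marks an attempt that the permissions refused.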
 
  


All times are GMT -5.