Old 06-16-2015, 03:06 PM   #16
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled

suicidaleggroll,

That's it!!!!!! Changed the owner and group of .ssh, ran the command and transferred the file with no user intervention. I don't understand how to put the output in the tags or I would. You have been a great help, thanks so much.
 
Old 06-16-2015, 03:08 PM   #17
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
I didn't know what I was expecting to happen either, but if root owns them nothing is going to access or change them. What do you mean by the reference to 750 on the home directory?
 
Old 06-16-2015, 03:18 PM   #18
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
ssh complains when the permissions on .ssh/config are too lax because that file can't be trusted anymore. Somebody could maliciously add an entry in your config so that "server" pointed to a custom man-in-the-middle IP address, so the next time you ran "ssh server" it actually connected to their system instead of the one you expect, and they intercept your password.

All you accomplished by changing the owner to root was preventing anybody from being able to use the file or directory, including dp3. You might as well have just deleted the file, it would have accomplished the same thing.

Right now it looks like the permissions on your home directory are set to 777. That means ANYBODY who has access to your computer under any account can create, delete, or modify ANY FILE in dp3's home directory. There has to be SOME reason you did this (destroying the security of your user's home directory in the process). Whatever that reason is, it was wrong, there is a better way of doing whatever it is you were trying to do. So change your home directory's permissions back to 750, and I sure hope this is a single-user machine, otherwise everything in your home directory has been compromised.
 
Old 06-16-2015, 03:55 PM   #19
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
All users on our systems have an exec command in their profile that gives them access to the files and printers they need. Any interruption of that shell logs them out and they have no access to the command prompt. My boss and I are the only people that have command line access and I have executable scripts in the bin directory under /home/dp3/bin. Also these machines are behind a firewall and not accessible to the general public. I hope this all makes sense. I get the feeling that you have more administration experience than I.
 
Old 06-16-2015, 05:41 PM   #20
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
Still doesn't explain why you need 777 permissions on your home directory.

I'm not saying it's easy to break out of an exec like that, but there are a LOT of ways one could work around it, and I doubt you've thought of and blocked them all.

It's just not a good idea to use 777 permissions on any directory, especially not your home directory, unless there is absolutely nothing in there that you care about. If everybody needs access to the scripts in /home/dp3/bin, then they shouldn't be in /home/dp3/bin, they should be in /usr/local/bin or another similar location with global read-only access.
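
The checks described in posts #18 and #20, as an added example that is not part of any post in the thread: it audits a home directory and its .ssh files for a wrong owner and for group/world write bits, then resets the modes. The function names, the 700/600 modes for .ssh and the optional expected-UID argument are assumptions of this example; only the 750 on the home directory comes from the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit a home directory and its .ssh
# files for the two problems discussed above: wrong owner and lax write bits.

# Numeric owner UID of a path, taken from `ls -ldn` (portable across Linux/BSD).
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }

# Print the path if group or others can write to it (find does not descend).
writable_by_others() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_home HOME_DIR [EXPECTED_UID]
# Prints one finding per line; the exit status is the number of findings.
audit_home() {
    local home=$1 uid=${2:-$(id -u)} findings=0 path
    for path in "$home" "$home/.ssh" "$home/.ssh/config" \
                "$home/.ssh/authorized_keys"; do
        [ -e "$path" ] || continue
        if [ "$(owner_uid "$path")" != "$uid" ]; then
            echo "WRONG-OWNER $path (expected uid $uid)"
            findings=$((findings + 1))
        fi
        if [ -n "$(writable_by_others "$path")" ]; then
            echo "TOO-LAX     $path (writable by group or others)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# fix_home HOME_DIR: 750 on the home directory as advised in the thread;
# 700 on .ssh and 600 on its files are this example's assumed modes.
fix_home() {
    local home=$1 f
    chmod 750 "$home"
    if [ -d "$home/.ssh" ]; then chmod 700 "$home/.ssh"; fi
    for f in "$home/.ssh/config" "$home/.ssh/authorized_keys"; do
        if [ -f "$f" ]; then chmod 600 "$f"; fi
    done
}

# Usage: ./audit.sh /home/dp3   (with no argument only the functions are defined)
if [ "$#" -gt 0 ]; then audit_home "$@"; fi
```

Run it as the account that owns the home directory, or pass that account's numeric UID as the second argument when auditing as root.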
 
Old 06-17-2015, 01:41 PM   #21
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
Solved
 
  

