LinuxQuestions.org


CodeFish 01-22-2005 06:41 PM

would you recommend chmod -R 755 *?
 
Newbie security question:

Would you recommend chmod -R 755 * from / as a general permissions security blanket? What are the drawbacks to this approach? I haven't really seen a catch-all recommendation like this in tutorials, but it is what I have done. Just wondering if there are better possibilities (I am a single user).

jtshaw 01-22-2005 07:00 PM

I wouldn't recommend that at all... I always use a default umask of 077 which means new files will be rwx for the owner only, and have no access for anyone else.

However, most people find 022 more reasonable, which gives you the 755 permissions you mentioned.

Be careful about your sudo config if you use sudo, however; that should never be writable for anyone.

Capt_Caveman 01-22-2005 10:49 PM

@CodeFish: In fact, that is an exceedingly bad idea. You need to be very careful when modifying file permissions, especially when it comes to critical system files. By giving everything 755 permissions, you'd allow anyone to read the password hashes in /etc/passwd or /etc/shadow, which could then be brute-forced rather trivially. You'd also allow anyone to read each other's private encryption keys (like ssh private keys), read your firewall rulesets, daemon configuration files, and other critical files that shouldn't be readable except to root. You'd also be allowing anyone on the system to execute any command as well. So joe user could fire up fdisk and blow away your entire filesystem. I'd also bet that you'd experience some random problems with applications trying to use temporary files, as many applications need fairly lenient file permissions in /tmp.

It may seem like none of that may apply to someone on a single user system, but file system permissions are an integral part of security and by weakening them, you are making it significantly easier for someone to compromise or damage your system. If you are interested in locking down file permissions, take a look at tools like Bastille, Mandrake's built-in security tool called msec, or even something like grsecurity instead.
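
Added example (not written by anyone in this thread): a shell sketch that shows what the two umask values mentioned above produce for new files and directories, and audits a throwaway tree before and after a blanket chmod -R 755. The tree, its file names and starting modes, and all function names are constructed for illustration; it assumes GNU stat and find and only ever touches a mktemp directory.

```shell
#!/bin/sh
# Added example. Everything happens in a mktemp sandbox with constructed
# file names and modes; the real / is never touched. Needs GNU stat/find.

# Modes a new file and a new directory get under a given umask, e.g. "600 700".
modes_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/file"; mkdir "$d/dir" )
    echo "$(stat -c %a "$d/file") $(stat -c %a "$d/dir")"
    rm -rf "$d"
}

# Build a small tree with restrictive starting modes (constructed values).
make_sandbox() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc" "$r/home/user/.ssh" "$r/tmp"
    : > "$r/etc/shadow";            chmod 600 "$r/etc/shadow"
    : > "$r/etc/sudoers";           chmod 440 "$r/etc/sudoers"
    : > "$r/home/user/.ssh/id_rsa"; chmod 600 "$r/home/user/.ssh/id_rsa"
    chmod 700 "$r/home/user/.ssh"
    chmod 1777 "$r/tmp"             # world-writable with sticky bit, like /tmp
    echo "$r"
}

# Regular files that "other" can read, as one space-separated line.
world_readable_files() {
    ( cd "$1" && find . -type f -perm -004 | sort | paste -sd ' ' - )
}

# Directories that still carry the sticky bit.
sticky_dirs() {
    ( cd "$1" && find . -type d -perm -1000 | sort | paste -sd ' ' - )
}

# Before/after report for the blanket chmod asked about in the thread.
demo() {
    r=$(make_sandbox) || return 1
    echo "umask 077 -> $(modes_under_umask 077); umask 022 -> $(modes_under_umask 022)"
    echo "before: other-readable [$(world_readable_files "$r")] sticky [$(sticky_dirs "$r")]"
    chmod -R 755 "$r"
    echo "after:  other-readable [$(world_readable_files "$r")] sticky [$(sticky_dirs "$r")]"
    rm -rf "$r"
}

demo
```

The same two find expressions can be pointed at a real directory, read-only, to list what is already readable by everyone or which shared directories lack the sticky bit.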


All times are GMT -5.