LinuxQuestions.org
Old 04-29-2004, 10:16 AM   #1
lazlow69
Member
 
Registered: Jan 2003
Location: Central New Jersey
Distribution: Knoppix to play, Slack current, OpenBSD stables
Posts: 111

Rep: Reputation: 15
/usr/sbin and /sbin world read/executable... why?


I'm slowly learning the ins-and-outs of securing my lovely slack box, and have developed some questions along the way. I was hoping I could bounce two off of the community:

(1) One question in particular, which I haven't seen very informative responses to just yet is the notion of the /usr/sbin and /sbin directories, and why they are chmodded to 555 by default (world readable and executable). It seems dangerous to have all those scripts and binaries open to all users. I know running certain daemons as non root will be a moot point since they can't bind below port 1024 anyway, but things like hdparm, etc... Why are they by default open to the world of users on the machine?

(2) Follow up: Can these directories be chmodded to 550 (owner and group executable, but nothing for world) safely? Will this change cause untold havoc in random programs, or is this a safe and effective move?

Any advice or directions to other threads or discussion on the subject would be quite lovely! Also, answers don't have to be slack specific, I recognize that this is a cross-distro question.

Thanks!
 
Old 04-29-2004, 10:43 AM   #2
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
755 and 750?

Doesn't matter if you can run hdparm - the device files are root:disk and not world-readable, so you can't do anything with it. I can't think of a reason why you couldn't chmod the programs 750 from the system's point of view but you don't want to do that with /usr/bin or even some things in sbin. Unless you set up special groups you, as user:users, wouldn't have permission to them.
Code:
ls -l /usr/bin/tail
-rwxr-xr-x    1 root     bin         35244 Sep 18  2003 tail
If that was 750, you couldn't run it and that would suck.
 
Old 04-29-2004, 04:31 PM   #3
lazlow69
Member
 
Registered: Jan 2003
Location: Central New Jersey
Distribution: Knoppix to play, Slack current, OpenBSD stables
Posts: 111

Original Poster
Rep: Reputation: 15
I understand what you are saying regarding the /usr/bin and /bin directories of the system. My question was regarding the applications in /sbin and /usr/sbin... Any opinions on making these non executable for world, or non readable?

Thanks for the input, though.
 
Old 04-29-2004, 05:06 PM   #4
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
Oh. I'm brain-damaged. I read /sbin and /usr/sbin as /usr/bin and /usr/sbin somehow. Sorry about that. No, like I say, most things have safeguards aside from the permissions they have, so I don't know it would help much, but I can't really think of a reason why you couldn't restrict permissions. Might screw up the three-fingered salute or something, and there might be more subtle issues, but it seems doable to me. I got curious and did a little googling and it seems like it is recommended sometimes and I didn't see anything saying *not* to.

This might have been better in Security, incidentally. unSpawn and the security gang would know for sure.
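
Added example, not part of any post in this thread: a read-only shell audit for the point raised in posts #2 and #4, that world-execute on an sbin tool matters mainly when the file is set-uid/set-gid, while access to disks is decided by the device node's mode. The sample tree, the `helper` file and the `hda`/`hdb` stand-ins are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Two read-only audits.

# Set-uid/set-gid files under DIR that "other" may execute. These are the
# binaries where world-execute hands the caller privilege it does not have.
world_exec_privileged() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -perm -0001 -print | sort
}

# Nodes of find(1) type TYPE under DIR that "other" may read or write.
# With TYPE=b on /dev this lists disk devices an unprivileged user can open.
world_accessible() {
    find "$1" -type "$2" \( -perm -0004 -o -perm -0002 \) -print | sort
}

# Constructed sample tree. Regular files stand in for device nodes, which
# need root to create. Prints the path of the tree.
build_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sbin" "$d/dev"
    : > "$d/sbin/hdparm"; chmod 0755 "$d/sbin/hdparm"   # plain tool
    : > "$d/sbin/helper"; chmod 4755 "$d/sbin/helper"   # hypothetical set-uid file
    : > "$d/dev/hda";     chmod 0640 "$d/dev/hda"       # like root:disk, mode 640
    : > "$d/dev/hdb";     chmod 0666 "$d/dev/hdb"       # misconfigured stand-in
    printf '%s\n' "$d"
}

sample=$(build_sample)
echo "privileged and world-executable:"
world_exec_privileged "$sample/sbin"
echo "world-accessible nodes:"
world_accessible "$sample/dev" f
rm -rf "$sample"
# On a real system: world_exec_privileged /sbin; world_accessible /dev b
```

An empty result from `world_accessible /dev b` means the disk devices are closed to ordinary users regardless of who can execute hdparm.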
 
  

