Linux From Scratch
This forum is for the discussion of LFS.
LFS is a project that provides you with the steps necessary to build your own custom Linux system.
As a general rule, what directories should be, and should not be, executable by others?
The executable bit has a somewhat different meaning in directories than it does in files. In directories the executable bit means that the permitted users can traverse the directory on their way to the files and directories within the directory in question.
So if a user can access the files and directories within a directory in any way then that directory needs the executable bit to be set on.
--------------------
Steve Stites
Yes I know that.
The issue is some directories you do not want to be executable by others for security, but other directories, while it might seem nice to prevent that directory from being executable, it will prevent parts of the operating system from working correctly when a person logs in to the desktop as a regular user.
I have compared the list of such directories and compared them to the directories on a linux distribution.
So my question is "as a general rule, what directories should be, and should not be executable by others?"
Or maybe a better question would be, what directories would one definitely not want to be set executable for others.
Just asking if anyone has a real opinion on the matter.
If you want any file or directory to be accessible to others then the executable bit must be set for others in all directories in the path to the accessible file or directory. So you make a list of what files and directories can be accessed by others and then set the others executable bit in all directories that must be traversed in order to reach the files and directories that you are allowing others access to. You do not set the others executable bit in the directories that others have no need to traverse.
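The traversal rule described in the post above, as an added example that is not part of the original thread: it walks up from a target and reports the highest directory that lacks the "others" execute bit. The function name `first_blocked_dir` and its optional second argument are assumptions made for this sketch, and it relies on `stat -c %a` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example, not code from the thread.
# Usage: first_blocked_dir TARGET [TOP]
#   Checks every directory from TARGET's parent up to TOP (default /).
#   Returns 0 if "others" can traverse all of them, 1 (and prints the
#   highest blocking directory) if not, 2 on error.
first_blocked_dir() {
    dir=$(cd "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 2
    top=$(cd "${2:-/}" 2>/dev/null && pwd -P) || return 2
    blocked=
    while :; do
        mode=$(stat -c %a -- "$dir") || return 2
        others=${mode#"${mode%?}"}      # last octal digit = "others" triplet
        # An even digit (0, 2, 4, 6) has no x bit: "others" cannot pass through.
        [ $((others & 1)) -eq 1 ] || blocked=$dir
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    if [ -z "$blocked" ]; then return 0; fi
    printf '%s\n' "$blocked"
    return 1
}

# Stand-alone use: sh script.sh /path/to/file
if [ $# -gt 0 ]; then first_blocked_dir "$@"; fi
```

A directory with mode 711 passes this check: "others" can traverse it without being able to list it.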
My question is more of what particular common directories, as a rule of thumb should and should not be executable, if someone has a general opinion on that.
I seriously doubt any distro would ship with incorrect directory/file permissions. What directories did you find that had incorrect permissions in your system?
This is the LFS forum.
LFS is a book that tells how to build Linux from scratch.
The only directories I find that are group-readable but not group-executable are ~/.pki/ in root's and users' home directories. I do find a few directories on Fedora 23 that are group-executable but not group-readable (i.e., you can access a file if you already know its name, but you cannot list the names). Those are /var/spool/cups/ (mode 710), and /var/log/gdm/ and several /var/lib/libvirt/ directories (mode 711).
To find directories without permissions of others executable, and using newline delimiter, list long list format human readable directories only, tee to log file:
Code:
find / -type d ! -perm -o+x | xargs -d "\n" ls -lhd 2>&1 | tee nonexecutabledirectories.txt
I updated the code to use the delimiter new line, as the previous was giving some errors with file directory names with spaces.
Or to make a simple list without long listing:
Code:
find / -type d ! -perm -o+x | tee nonexecutabledirectoriesshort.txt
For some reason I'm getting more directories listed with this short code, and in different order.
Running this short list code on Mandriva 2010. I'm finding that the directories listed are:
Code:
/.dbus
/.dbus/session-bus
A number of directories in /root/
A number of directories in /tmp/
/dev/vboxusb
A number of directories in /etc/
A lot in /var/
A lot in /home/
A lot in /proc/
/lost+found
And the following seem strange that they would be not -o x:
/usr/lib/mozilla/extensions
/usr/share/doc/libgd-devel
/lib/firmware/rtlwifi
/usr/share/polkit-1/rules.d
/lost+found
/run/lock/lvm
A lot in /proc/
/root
A number of directories in /root/
/etc/polkit-1/rules.d
/etc/cups/ssl
A lot in /home/
/var/cache/ldconfig
/var/cache/cups
/var/lib/sshd
/var/lib/NetworkManager
/var/spool/cups
/var/spool/cups/tmp
/usr/libexec was previously not -o+x so I fixed that, and my desktop worked better. So that is what started my question.
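One way to narrow the long lists above to likely mistakes such as the /usr/libexec case, as an added example that is not part of the original thread: it reports only directories that lack o+x while their direct entries still grant "others" some permission. This is a heuristic, the function name `unreachable_public` is an assumption, and GNU findutils is assumed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GNU findutils.
# Lists directories under ROOT that "others" cannot traverse (no o+x) yet
# whose direct entries still grant "others" some permission. Those entries
# are unreachable for ordinary users, so the directory mode may be a mistake.
# Directories whose contents are private as well are left out.
unreachable_public() {
    # -xdev stays on one filesystem, which keeps /proc and /sys out of the list.
    # -perm -0001 is the octal spelling of "-perm -o+x" used in the thread.
    find "$1" -xdev -type d ! -perm -0001 -exec sh -c '
        for d do
            # Symlinks always show mode 777, so they are skipped.
            hit=$(find "$d" -mindepth 1 -maxdepth 1 ! -type l \
                       -perm /0007 -print -quit 2>/dev/null)
            if [ -n "$hit" ]; then printf "%s\n" "$d"; fi
        done' sh {} + 2>/dev/null
}

# Stand-alone use: sh script.sh /   (run as root to see every directory)
if [ $# -gt 0 ]; then unreachable_public "$1"; fi
```

Each reported directory still needs a manual decision: either the directory should gain o+x, or the entries inside it should lose their "others" bits.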