LinuxQuestions.org
Old 01-16-2015, 10:41 PM   #1
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 312

Rep: Reputation: 3
sudo chmod -R o-w /


I was wondering if any problems would be caused by disabling writing by non-owners throughout a Linux system using

Code:
sudo chmod -R o-w /
Why would one want non-owners to be able to write to a directory, particularly if it is a single user system?
 
Old 01-16-2015, 11:43 PM   #2
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
See your /etc/passwd/group file. It may have many owners and groups. So doing such a change might affect some programs. Also specifically setting required permissions for different users/program is a good way.
 
1 members found this post helpful.
Old 01-17-2015, 02:14 PM   #3
Daws
Member
 
Registered: May 2006
Location: UK
Distribution: Debian
Posts: 448

Rep: Reputation: 37
On sane distributions that will already be the case for all directories except /tmp, /var/tmp and a few special directories.

On my system:
Code:
# find / -type d -perm -o=w
shows only directories in:
Code:
/tmp
/var/tmp
/dev/mqueue
/dev/shm
/run/lock
have o+w set, you shouldn't change this.

To look for files writeable by anyone use -type f in that command. Only /proc shows up when I do that on mine. /proc is a special filesystem used by the kernel, I'm not sure /proc's file permissions are even relevant or adhered to. Regardless, I wouldn't mess with it.

Last edited by Daws; 01-17-2015 at 02:18 PM. Reason: typo
 
2 members found this post helpful.
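The audit Daws describes, as an added example that is not part of the original post: it goes one step further and separates world-writable directories that carry the sticky bit (the normal state of /tmp) from those that do not, and lists world-writable regular files. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify world-writable entries
# instead of stripping o-w from everything under /.

# Directories that are other-writable AND carry the sticky bit (like /tmp):
# expected on a normal system, leave them alone.
sticky_world_writable_dirs() {
    find "$1" -xdev -type d -perm -o=w -perm -1000 | sort
}

# Other-writable directories WITHOUT the sticky bit: any user can delete or
# replace other users' files there, so these are the ones to review.
unsafe_world_writable_dirs() {
    find "$1" -xdev -type d -perm -o=w ! -perm -1000 | sort
}

# Regular files writable by anyone.
world_writable_files() {
    find "$1" -xdev -type f -perm -o=w | sort
}

# Constructed sample tree (hypothetical names) so the audit runs offline.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/tmp" "$demo/shared" "$demo/private"
    chmod 1777 "$demo/tmp"       # world-writable + sticky, like /tmp
    chmod 0777 "$demo/shared"    # world-writable, no sticky bit
    chmod 0755 "$demo/private"   # not world-writable
    : > "$demo/private/loose.txt"
    chmod 0666 "$demo/private/loose.txt"
    echo "$demo"
}

demo=$(make_demo_tree)
echo "expected (sticky):";  sticky_world_writable_dirs "$demo"
echo "review (no sticky):"; unsafe_world_writable_dirs "$demo"
echo "writable files:";     world_writable_files "$demo"
rm -rf "$demo"
```

On a real system, pass / (as root) instead of the demo tree; -xdev keeps find on one filesystem, so /proc and other mounts are skipped and have to be audited separately if needed.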
Old 01-18-2015, 03:39 PM   #4
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 312

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by veerain View Post
See your /etc/passwd/group file. It may have many owners and groups. So doing such a change might affect some programs. Also specifically setting required permissions for different users/program is a good way.
Excellent point! There are several non-human accounts that probably need write access.

Thanks,
OH
 
Old 01-18-2015, 07:07 PM   #5
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 312

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by Daws View Post
On sane distributions that will already be the case for all directories except /tmp, /var/tmp and a few special directories.

On my system:
Code:
# find / -type d -perm -o=w
shows only directories in:
Code:
/tmp
/var/tmp
/dev/mqueue
/dev/shm
/run/lock
have o+w set, you shouldn't change this.

To look for files writeable by anyone use -type f in that command. Only /proc shows up when I do that on mine. /proc is a special filesystem used by the kernel, I'm not sure /proc's file permissions are even relevant or adhered to. Regardless, I wouldn't mess with it.
Sorry about my slow reply.

I had those and also
/tmp/.ICE-unix
/tmp/.X11-unix
/var/lib/php5

Nothing was returned with -type f appended.

Thanks,
OH

Last edited by OtagoHarbour; 01-18-2015 at 07:23 PM.
 
Old 01-19-2015, 09:37 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3170
Also, strategies such as this are better handled by means of "policy-based permissions," which Linux natively does not have, but which can be done by various means.

For example, most filesystems support "access-control lists (ACLs)," which are similar. The PAM = Pluggable Authentication Modules system can also be used to implement rules. Distributions such as SELinux = Security Enhanced Linux carry the notion much farther.

If you simply "go gang-busters with sudo chmod," in the way that you describe, "just to see what happens" ... well ... ... ... well ... ... you just might not like "what happens," and you might discover that you really can't undo what you just impetuously did.

So ... uhh ... don't do that. (You can thank me later.)

"Bad dog. Bad idea. No biscuit ..."
 
Old 01-19-2015, 01:00 PM   #7
rtmistler
Moderator
 
Registered: Mar 2011
Location: MA, USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 7,214
Blog Entries: 12

Rep: Reputation: 2656
If it's a single user system why go crazy and risk stuff.

A lot of what Daws said too. When I think about it, there may be a few places beyond one's home directory where you end up putting data or modifying files. Plus the /proc and /tmp file systems, although ephemeral, you'll need access to them as you run programs.

This recalls me back to the early days of Windows when I tried to delete directories not understanding their purpose, but to free up disk space and then found out .... ooops! In essence, tinkering, unknowingly just for the sake of it is not always the right choice.
 
Old 01-21-2015, 07:19 PM   #8
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106
Quote:
Originally Posted by rtmistler View Post
If it's a single user system why go crazy and risk stuff ... This recalls me back to the early days of Windows when I tried to delete directories not understanding their purpose, but to free up disk space and then found out .... ooops! In essence, tinkering, unknowingly just for the sake of it is not always the right choice.
Provided the data is backed up and the poking around doesn't expose some kind of network security hole with sensitive data contained or multi-user, I don't see a problem with messing with settings.
Granted, it should be expected that you will trash everything. I recall multiple times thinking to myself "what would happen if I did this" & horribly mess up some setting or another.
Then I wipe /, remount to /home (cause I learned by then, separating /home from / = good idea) and reinstall any programs I wanted.
After doing that, I learned my lesson about x. It was how I learned most of linux.

With windows, I lived in fear that I would screw something up and everything would be lost so I never formatted it. Way too scary. Plus, I have no install media, just an obscure recovery partition.. I also recall deleting windows stuff to free up room.. Big deal if it's windows, doesn't matter much if it's linux. Plus in linux it's much harder to destroy the whole system, you have to intentionally be root or sudo. Windows is just "hey look, random folder" <delete> <reboot> <error>
By pushing the edges & seeing the consequences with a fail-safe of re-installing lets you really discover what makes stuff tick.

Last edited by Miati; 01-21-2015 at 07:20 PM.
 
Old 01-22-2015, 09:53 PM   #9
orasis
Member
 
Registered: Mar 2008
Distribution: Slackware, Free-BSD
Posts: 53

Rep: Reputation: 33
Run a virtual-box session and see what happens!
 
  

