Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Read docu about umask: This specifies the permission bits to be subtracted from newly created files and directories. After
Code:
umask 555 # do not try this at home, useless
you get -w--w--w- files and directories. Which is useless, because they cannot be accessed. It is not secure also, because the owner (=creator) can change permissions with chmod.
I have a script running on my cloud server that runs chmod 777 on all the files on its SMB share. Goes something like this...
The script will quit every 24 hours or so, but it works while the script is going.
Or you could install incron and have an incrontab set to run any time a file is added to the directory. That way there will be little to no delay.
Instead of using a recursive script without a termination test...
And it is rather insecure - as anyone can change anything in the tree. Even add viruses.
If they can get past the layers of security. User names are cryptic, and the passwords even more so, and they change regularly. Different users for different services. There is no root account. Only I know the IP, which can change as often as I like. That's just to name a few little security features I have.
Anyone trying to hack it is going to get a surprise. I'm a hacker, I do this for a living. I don't think I have an issue with security at the minute. I also want full control over my files. If I don't give myself permission, I can't access my files from the locations that I would like, or via Tor if I need to.
Also, if I got an error, pretty sure I would modify the script so that I no longer get the error.
: the state of being protected or safe from harm - pretty sure my server protected and safe from harm.
: things done to make people or places safe - Strong password, hardware firewall (didn't mention that before), and whatever I added previously. Illusion? Really?? Relative security, yes. Absolute security, absolutely not.
: the area in a place (such as an airport) where people are checked to make sure they are not carrying weapons or other illegal materials - You're checked at the login screen. You fail 5 times you're out for about a minute. A pain to hack unless you are a professional who is familiar with the low-level workings of a UNIX system, and can manipulate it over a network. Very few people can do this, and the vast majority charge big bucks and/or work for the NSA. You're not from the NSA are you? The average script kiddy that would try to hack a SSH server using common login/passwords would utterly fail at this. My password isn't root123, it's more like &UJM5tgb&UIJK<0p;/&^YUHJN (only a little longer). Try that one with ophcrack.
Sorry, it was not my intention to upset you, and I know nothing about your security except what was stated in previous posts here.
Based on that information, and especially with what you have added I would stand by my observation that you are at least partly operating under the illusion of security.
My comments were intended to be helpful to yourself and anyone else who might read this thread, not to pick an argument, so I'll step out now.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.