Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have a question regarding non-root permissions under /etc.
Is it safe to change the owner of a subdirectory tree and its files to a non-root user under /etc?
Could it allow privilege escalation or any other security issues?
For example: if the user running Apache owned those files, a simple security hole will allow the intruder to access/modify configuration.
If it was owned by root, regular users will not be able to do that.
/opt and /usr/local/bin are for user-installed stuff. For Apache, that is a whole "separate system" within the system, so yes, you (can) give directories their special permissions as needed to allow who or whatever to access the dir and/or files within it. Each directory has its own permissions "to allow or not to allow."
that is the question.
There are plenty of how-tos on setting up an Apache server on the internet. It behooves you to find the one you can understand to use as a guideline. Good luck and enjoy.
As others suggested, don't mess with the /etc permissions but use Apache's method for giving permissions to directories within the Apache application.
If I am not wrong you can always change or point the directories to another location and specify the location on Apache.
It would be better if you open a new thread and ask about Apache configuration if it is needed.
It's not like I'm going to do something like that, I just want to understand why it should not be done.
If I install an application under /etc/app and change the owner to "app" with the user of the application, I understand that it will be easier to compromise that application than if the owner is root, but, apart from that, what problems can be generated by being under /etc? What difference would there be if I do the same but under /opt/app?
Not really a security expert, but I believe in most circumstances you don't need to mess with the /etc and /opt directories just to give user permissions.
You can assign a user to a wheel group, sudoers or a steering wheel with a propeller group (just kidding) so they can have permissions to certain directories such as /etc and /opt but then giving permissions to a user who doesn't know what he is doing is just a bad idea.
Or giving permission on a system folder to a particular user is also not a good idea. Well, it might be a workaround if you have 2 or 3 users on your network, just give them whole access to a folder so that they won't bother you anymore, but then if the system gets compromised, who will bear the responsibility?
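
An added example, not part of any post in this thread: a shell function that lists entries under a configuration tree that are not owned by the expected account (root by default) or are writable by group or other, the condition the thread describes as letting a compromised service account modify configuration. The function name `audit_config_tree` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a configuration tree for entries that an account
# other than the expected owner could modify.
# Usage: audit_config_tree DIR [EXPECTED_OWNER]
#   EXPECTED_OWNER is a user name or numeric uid and defaults to root.

audit_config_tree() {
    dir=$1
    owner=${2:-root}

    {
        # Not owned by the expected account: that owner can edit the file,
        # or, for a directory, replace anything inside it no matter who
        # owns the individual files.
        find "$dir" -xdev ! -user "$owner" -print | sed 's/^/owner: /'

        # Writable by group or other. Symlinks are skipped because their
        # own mode bits are not used for access checks.
        find "$dir" -xdev ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable: /'
    } | sort
}

# When run as a script with arguments, audit the given tree,
# for example: sh audit.sh /etc
if [ "$#" -gt 0 ]; then
    audit_config_tree "$@"
fi
```

An empty result means every entry in the tree is owned by the expected account and is not writable by group or other; the same check applies unchanged to a tree under /opt.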