LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-14-2004, 12:37 PM   #1
granatica
LQ Newbie
 
Registered: May 2003
Posts: 16

Rep: Reputation: 0
Persmissions changing on root directories?


Hello,

This past week I have had an issue with permissions changing on the root directories. Permissions don't change beneath the directories. The strange thing is even the root dot directories change. I don't know if this is a securiyt issue or not. I have a Cisco firewall in place, blocking EVERYTHING but ssh, http and https, dns and sendmail. This seemed to start happening after I installed WINE and played with some of the configuration settings. Every so often my root directory winds up looking like this:

drwxrwxrwx 20 root root 456 Jun 12 19:19 ./
drwxrwxrwx 20 root root 456 Jun 12 19:19 ../
drwxrwxrwx 2 root bin 2416 Apr 10 00:54 bin/
drwxrwxrwx 3 root root 336 Apr 16 11:11 boot/
drwxrwxrwx 15 root root 63096 Jun 10 13:30 dev/
drwxrwxrwx 56 root root 5760 Jun 14 10:30 etc/
drwxrwxrwx 17 root root 400 May 12 08:20 home/
drwxrwxrwx 4 root root 2656 Apr 13 15:40 lib/
drwxrwxrwx 6 root root 144 Jun 8 14:52 mnt/
drwxrwxrwx 4 root root 96 Sep 14 2003 opt/
drwxrwxrwx 99 root root 0 Jun 10 06:29 proc/
drwxrwxrwx 24 root root 1216 Jun 10 13:28 root/
drwxrwxrwx 2 root bin 5704 Sep 1 2003 sbin/
drwxrwxrwx 17 root root 2080 Jun 14 10:28 tmp/
drwxrwxrwx 19 root root 568 Dec 7 2003 usr/
drwxrwxrwx 19 root root 528 Apr 20 15:12 var/

The way I found out was sendmail died and when I tried restarting it gave me an error that /etc/mail and /var/spool/mail were world writeable. They weren't but the parent directories /etc and /var were. I changed everything back and sendmail starting working again. However, it's happened a total of 3 time since it started last week.

Is there something common that can cause this or is it sounding like a security breach?
 
Old 06-14-2004, 02:39 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
You haven't said which distrobution you are using. If it is Mandrake, there is a program called msec that checks permissions and will change them back according to its configuration. If that is the case, the quickest way to fix things may be to change the security level. I think that /var is normally world read/writable because any program is allowed to use it. /etc is normally readable by any user, but is only writable by root. Some files like /etc/shadow are only readable by root.
 
Old 06-14-2004, 02:52 PM   #3
granatica
LQ Newbie
 
Registered: May 2003
Posts: 16

Original Poster
Rep: Reputation: 0
Distro is Slackware 9.1
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing Ftp Directories Into 777(rwe) rogier1983 Linux - Networking 0 07-28-2005 07:56 AM
Changing Permissions on Directories... bob4432 Linux - Newbie 6 06-25-2004 02:50 PM
script problem changing directories richie72 Linux - Newbie 3 04-15-2004 03:25 PM
Changing physical location of directories Linus VanPelt Mandriva 2 02-23-2004 07:42 AM
Getting persmissions to stick dictatorofgoats Linux - General 2 10-02-2002 06:11 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration