Just a doubt!!!??

anishkumarv · 07-09-2011, 12:08 PM

Hi ,

Is it possible to do the server configuration, with all the

directories have 644 permission alone? , like all our important

folders like

1. named

2. httpd

3. lib

etc etc

for security purpose??

tronayne · 07-09-2011, 12:25 PM

Possible? Well, yes, but...

If you

Code:

fubar-trona-/home/trona: mkdir trash
fubar-trona-/home/trona: chmod 644 trash
fubar-trona-/home/trona: ls -al trash
/bin/ls: cannot access trash/..: Permission denied
/bin/ls: cannot access trash/.: Permission denied
total 0
d????????? ? ? ? ?            ? ./
d????????? ? ? ? ?            ? ../
fubar-trona-/home/trona:

Do you see the problem (the owner -- nor anyone else but root -- cannot read the thing)? Not a good idea.

Directory permissions are not the same as file permissions; the default for a directory is 755 where the default for a file is usually 644. If you want to deny public read on a directory, set it to 750 (thus the owner and group can read, the owner can write). Similarly, set a file to 640 and that will allow the same for owner and group.

The default 755, 644 mask is the UMASK value (which is 0022, you can see it with the umask utility. Refer to the umask manual page for other possibilities.

Hope this helps some.

anishkumarv · 07-09-2011, 12:50 PM

Hi tronayne,

Thanks for the reply ..u just gave the answer for my other question, which was in my mind,

i am facing one problem now days in my slave server, the zone files are recived from my master

server that files are automatically comes with the /var/named/slaves dir with 644 permission

even i gaved the 755 permission to the slave folder , how is it so?? but once it get 644

permission again the changes that are made in the master server that chnges are not replicated

in the slave server zone file....is that anything related to umask issue??

tronayne · 07-10-2011, 07:41 AM

Check and see what the UMASK value is on both machines:

Code:

prompt: umask
0022

should generally be the default value (directories have mode 0755, files have mode 0644) -- it may also be 0020 in which case directories would have mode 0750 and files would have 0640. umask is probably set in /etc/login.defs; might be worth a look to see what it is.

However, that may not be your problem.

You may want to carefully check (against the manual pages) any settings, changes or additions you made in /etc/named.con along with the files localhost.zone, named.ca, named.local or named.root if you're using them (I believe the examples are in /var/named/caching-example).

Also take a hard look at /etc/default/named and /etc/default/rndc if you made any changes to them.

Essentially, files and directories will be created by utilities with whatever mode is defined by UMASK on the system; if you have added or changed anything having to do with file and directory creation, that's probably where you need to look first. Carefully check your configuration files (the ones having to do with master-slave).

Hope this helps some.