Jords n00b
Joined: 08 Aug 2005 Posts: 18
|
Posted: Wed Jan 03, 2007 5:11 am Post subject: Reset file Permissions to sensible defaults? |
|
|
Is there some program or script to reset the permissions on most of the files on my system to something reasonably safe?
I've been setting important things to 777 for convenience and forgetting about them for FAR too long! (I'm left in terror that somebody types rm -rf / - even if they're not root, it would still do loads of damage!)
Or can someone tell me what the permissions for the most critical directories should be, and give me some commands to set them to that?
Thanks,
Jords |
|
asiB4 Guru
Joined: 16 Jan 2006 Posts: 370 Location: Inside the electric circus
|
Posted: Wed Jan 03, 2007 5:30 am Post subject: |
|
|
something like...
...should set everything in the root directory to rwxr-xr-x permissions. _________________ Registered Linux User #332738
|
kenai n00b
Joined: 27 Aug 2006 Posts: 10
|
Posted: Wed Jan 03, 2007 5:39 am Post subject: permissions |
|
|
maybe with find...
First of all you have to locate the files that need +x permissions...
For example:
Code: |
find / -type d -name bin -exec chmod -R 755 {}/ \;
|
Next:
Code: |
find / -type d -exec chmod 755 {} \;
find /bin -type f -exec chmod 755 {} \;
find /sbin -type f -exec chmod 755 {} \;
find /etc -type f -exec chmod 644 {} \;
find /var -type f -exec chmod 644 {} \;
... etc etc
|
It will take a little of your time, but it'll work =P
There are not too many directories in "/"
It can be improved in a bash script with an "if" statement, but I'm too lazy to make a script right now.
Anyway, the easiest solution (but not the best) is doing a "chmod -R 755", just like asiB4 said |
|
Jords n00b
Joined: 08 Aug 2005 Posts: 18
|
Posted: Wed Jan 03, 2007 5:42 am Post subject: |
|
|
I just ran that but caught it quickly - Setting everything in /dev to read only for non-root users is Not good...
I think it'll take something much more 'smart' to fix my system...
P.S: I'll try your solution, kenai, when I have a little more time...
Last edited by Jords on Wed Jan 03, 2007 7:39 am; edited 1 time in total |
|
harrisonmetz Tux's lil' helper
Joined: 24 Apr 2006 Posts: 93 Location: Chicago, IL
|
Posted: Wed Jan 03, 2007 6:59 am Post subject: |
|
|
It's important to note that some files like shadow should be only readable by root and the tmp directory must have the sticky bit set on it. su should have the suid bit set, etc. |
|
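An added example, not code from any poster in this thread: a read-only audit for the cases harrisonmetz lists (root-only shadow, sticky /tmp, setuid su) and for the forgotten 777 entries the thread started from. The function names, the constructed demo tree and the expected mode 600 for /etc/shadow are assumptions; 4711 for /bin/su is the mode asiB4 quotes later in the thread.

```sh
#!/bin/sh
# Read-only permission audit: it reports findings and never calls chmod.
# Assumes GNU or BusyBox stat (-c '%a' prints the octal mode, e.g. 4711, 600).

# World-writable files and directories under $1. Symlinks are skipped, and so
# are sticky directories such as /tmp, which are meant to be world-writable.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# Compare the mode of $1 with the expected octal mode $2; report a mismatch.
check_mode() {
    path=$1; want=$2
    have=$(stat -c '%a' "$path" 2>/dev/null) || { echo "MISSING $path"; return 1; }
    [ "$have" = "$want" ] && return 0
    echo "MISMATCH $path: mode $have, expected $want"
    return 1
}

# Audit the tree rooted at $1 ("/" for a live system). Returns 1 on any finding.
audit() {
    root=${1%/}; rc=0
    check_mode "$root/tmp" 1777 || rc=1         # sticky bit
    check_mode "$root/bin/su" 4711 || rc=1      # mode shown in the thread
    check_mode "$root/etc/shadow" 600 || rc=1   # assumption: root-only, 600
    ww=$(world_writable "$root/") || :
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WORLD-WRITABLE /'
        rc=1
    fi
    return "$rc"
}

# Constructed sample tree in the state the thread describes: su without its
# setuid bit, a world-readable shadow file and a forgotten 777 file.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tmp" "$d/bin" "$d/etc" "$d/home"
    : > "$d/bin/su"; : > "$d/etc/shadow"; : > "$d/home/notes"
    chmod 755 "$d/bin" "$d/etc" "$d/home" "$d/bin/su"
    chmod 1777 "$d/tmp"; chmod 644 "$d/etc/shadow"; chmod 777 "$d/home/notes"
    echo "$d"
}

if [ $# -gt 0 ]; then audit "$1"
else t=$(make_demo_tree); audit "$t" || echo "findings above are expected"; rm -rf "$t"
fi
```

Run with no argument it audits the constructed tree; run as `sh audit.sh /` it audits the live root filesystem, and the expected modes should be adjusted to what the distribution ships.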
|
asiB4 Guru
Joined: 16 Jan 2006 Posts: 370 Location: Inside the electric circus
|
Posted: Wed Jan 03, 2007 7:38 am Post subject: |
|
|
Jords wrote: | I think it'll take something much more 'smart' to fix my system... |
...sorry if my way wasn't smart enough...but then again, I don't have everything of mine set to rwx by anyone and everyone, either. That just wouldn't be "smart". Good Luck! _________________ Registered Linux User #332738
|
Jords n00b
Joined: 08 Aug 2005 Posts: 18
|
Posted: Wed Jan 03, 2007 7:43 am Post subject: |
|
|
Did I imply I could fix my system?
Yeah, I know it's extremely dumb having so much stuff writable by anyone... Hence this topic :< |
|
Xoalin n00b
Joined: 11 Jun 2004 Posts: 40 Location: North Pole
|
Posted: Wed Jan 03, 2007 8:10 pm Post subject: |
|
|
Gentoo Security Handbook
Specifically the chapter on file permissions could probably be worth reading.
Also check out the man page on find, dull read but should give you the info you need to search for such files and/or understand what people are suggesting. _________________ Pollution is here to stay. Corporations will sell us the oil to destroy the environment, and soon they will sell us clean air. You don't believe me? Then why are they already selling us clean water? |
|
Jords n00b
Joined: 08 Aug 2005 Posts: 18
|
Posted: Thu Jan 04, 2007 12:13 am Post subject: |
|
|
Ok, I'll go RTFM :<
Thanks for the help people!
Uh, A problem seems to have come out of running chmod -R 755 /, even for just a little while - su has stopped working, just giving Authentication Failure errors. Sudo still works. Maybe something has the wrong permissions now causing this? |
|
asiB4 Guru
Joined: 16 Jan 2006 Posts: 370 Location: Inside the electric circus
|
Posted: Thu Jan 04, 2007 2:30 am Post subject: |
|
|
what is the output of
should look something like the example below...the parts in red are probably an issue. Since you ran #chmod -R 755 /, I would bet it is now 0755/-rwxr-xr-x or something of that nature. Running #chmod 4711 /bin/su should put it back to the original state like the example below.
Quote: | File: `/bin/su'
Size: 26948 Blocks: 56 IO Block: 4096 regular file
Device: 806h/2054d Inode: 31348 Links: 1
Access: (4711/-rws--x--x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2006-12-31 17:54:43.000000000 -0800
Modify: 2006-08-31 11:47:26.000000000 -0700
Change: 2006-12-31 17:54:43.000000000 -0800 |
_________________ Registered Linux User #332738
|
Jords n00b
Joined: 08 Aug 2005 Posts: 18
|
Posted: Thu Jan 04, 2007 9:37 am Post subject: |
|
|
Yeah, su lost its SUID permission so I just did a chmod +s /bin/su - working fine now.
Well I've gone through that guide and changed a lot of permissions... It's a lot better now.
Thanks again people, only wish I had found that Piece of Documentation before starting a topic |