Survey: /root/ is world readable - did you know

Francisco Borges f.borges at rug.nl
Mon Apr 24 13:52:05 UTC 2006


» On Mon, Apr 24, 2006 at 05:55PM +0700, Chanchao wrote:

> I don't have any serious issues with that, though I do wonder why system
> logs need to be world readable as only administrators would need to look
> at those. But that's just me wondering, not saying that it would be a
> problem.

There are many moments users will have good reasons to look into the
logs. Mostly to find out what is going wrong with their own stuff before
coming to annoy the sysadmin, i.e. if it is their fault or not.

Frankly, what you seem to be proposing is restrict user access by
default without any plausible reason.

> There is my main gripe.  Frankly I'd assume EVERYTHING in there is VERY
> sensitive to the user. If a folder would need to be shared then the user

Your assumptions don't hold true for any network I've worked at.

The same argument you make can be turned around: if a user needs to hide
normal files, the user can close access to it.

> can adjust permissions to make it world (or group) readable, but other
> than that I'd assume nothing about data being 'not particularly
> sensitive'.

Define 'not particularly sensitive'. Hint: read access is different from
write access.

> I guess that wouldn't be the first time.  :)  I do have the feeling that
> in the Unix (Linux) world, there's too much focus on keeping the system
> stable, but very little focus on protecting user data.  This makes sense
> for large multi users systems, but for home desktop use, the system can
> be re-installed in minutes, whereas user files may be completely
> irreplaceable.

You're again not making any sense... how come not allowing other users
to read a file would cause it to be lost??

Come back to earth, we are talking about read access, not write access.

BTW1, in any install, large or small, user files are the most valuable
items.

BTW2, this is what my Dapper system looks like:

drwx------  2      72 2006-04-24 13:47 .aptitude
-rw-------  1     140 2006-04-17 22:03 .bash_history
drwx------  3      72 2006-04-19 10:58 .config
drwx------  2     112 2006-04-19 01:08 Desktop
-rw-------  1      26 2006-04-17 18:58 .dmrc
drwx------  2      48 2006-04-24 12:10 .gconf
drwx------  2      80 2006-04-24 12:52 .gconfd
drwx------  3     112 2006-04-23 22:46 .gnome2
drwx------  2      48 2006-04-18 23:50 .gnome2_private
-rw-------  1     183 2006-04-24 11:36 .ICEauthority
drwx------  5     216 2006-04-17 18:58 .kde
-rw-------  1     143 2006-04-18 22:43 .kderc
-rw-------  1      77 2006-04-24 13:51 .lesshst
drwx------  3      72 2006-04-17 18:58 .local
-rw-------  1      31 2006-04-19 00:12 .mcoprc
drwx------  3      72 2006-04-18 11:32 .mozilla
-rw-------  1      28 2006-04-23 20:12 .pyhist
drwx------  2     136 2006-04-17 20:53 .ssh
drwx------  4      96 2006-04-17 20:39 .thumbnails
-rw-------  1     158 2006-04-24 11:36 .Xauthority
-rw-------  1  464958 2006-04-24 15:38 .xsession-errors
-rw-------  1   20853 2006-04-24 15:39 .zsh_history

AFAICT anything that needed to be closed is closed.

-- 
Francisco
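
An added example, not part of the original post: a Python check that reports which entries in a home directory grant any group or other permission bit, the property the listing above shows by eye. The SENSITIVE name list, the helper names and the sample directory are assumptions constructed for this example.

```python
import os
import stat
import tempfile

# Entries from the listing above; treating exactly these as the ones that
# "needed to be closed" is an assumption of this example.
SENSITIVE = (".ssh", ".bash_history", ".zsh_history", ".Xauthority",
             ".ICEauthority", ".mozilla", ".gnome2_private")


def audit_home(home, names=SENSITIVE):
    """Map name -> ls-style mode for listed entries with any group/other bit set."""
    findings = {}
    for name in names:
        try:
            st = os.lstat(os.path.join(home, name))  # do not follow symlinks
        except FileNotFoundError:
            continue  # entry absent in this home directory
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not an access control
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings[name] = stat.filemode(st.st_mode)
    return findings


def reachable_by_others(home):
    """True if 'other' holds the search (x) bit on the home directory itself;
    other users need it to reach anything inside."""
    return bool(os.stat(home).st_mode & stat.S_IXOTH)


def build_sample(root):
    """Constructed sample: one closed file, one open file, one open directory."""
    os.mkdir(os.path.join(root, ".ssh"))
    os.chmod(os.path.join(root, ".ssh"), 0o755)
    for name, mode in ((".bash_history", 0o600), (".Xauthority", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w"):
            pass
        os.chmod(path, mode)
    os.chmod(root, 0o755)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print("others can enter home:", reachable_by_others(root))
        for name, mode in audit_home(root).items():
            print(mode, name)
```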




