Encrypted home partition accessible by administrator

Karl Auer kauer at biplane.com.au
Mon Apr 22 14:53:17 UTC 2019


On Mon, 2019-04-22 at 12:04 +0100, Colin Law wrote:
> chmod .
> is not a valid command.  With
> chmod 0 .
> and
> chmod 7 .
> sudo can still be used to access the files.

Perhaps Bret's memory is of an administrator misusing some variant of
"chmod -R 0 .*"

Don't test that command, by the way!

That causes the dot files "." and ".." to be included. Because of ".."
the command recurses up as well as down, removing the executable flag
from everything, including things like login and chmod. That can make
life very difficult for all. Not even root/sudo can execute a file that
is not flagged executable, so recovery using the affected filesystem is
generally not possible:

kauer at kt:~$ rm ./tls.sh
kauer at kt:~$ echo -e '#!'"/bin/sh\\nls" > tls.sh
kauer at kt:~$ ls -l tls.sh
-rw-rw-r-- 1 kauer kauer 13 Apr 23 00:48 tls.sh
kauer at kt:~$ ./tls.sh
bash: ./tls.sh: Permission denied
kauer at kt:~$ sudo ./tls.sh
sudo: ./tls.sh: command not found
kauer at kt:~$ chmod u+x tls.sh
kauer at kt:~$ ./tls.sh | wc -l
816
kauer at kt:~$ sudo ./tls.sh | wc -l
816

To actually change everything in a directory, including dot files,
while recursing down only, use something like

   chmod -R <mode> .[a-zA-Z0-9]*

Files with non-alphanumeric characters in their names may be missed by
this. Another good reason not to use non-alphanumeric characters in
filenames :-)

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
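
The glob behaviour discussed in the message above, as an added example that is not part of the original post. It compares the alphanumeric pattern with the two POSIX patterns `.[!.]*` and `..?*`, which select every dot entry except "." and "..". All file names and helper function names are constructed for illustration, and it only lists names inside a temporary directory; no permissions are changed.

```shell
#!/bin/sh
# Added example: the sample tree and function names are constructed.

# Build a throwaway directory tree; nothing outside it is touched.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/.bashrc" "$d/.-odd" "$d/..twodots" "$d/visible"
    mkdir "$d/.config"
    printf '%s\n' "$d"
}

# Names matched by the alphanumeric pattern from the message.
alnum_dotfiles() (
    LC_ALL=C; export LC_ALL          # fixed locale so ranges are plain ASCII
    cd "$1" || exit 1
    for f in .[a-zA-Z0-9]*; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
)

# Every dot entry except "." and "..", using two POSIX patterns:
#   .[!.]*  a dot followed by a non-dot character
#   ..?*    two dots followed by at least one more character
safe_dotfiles() (
    cd "$1" || exit 1
    for f in .[!.]* ..?*; do
        if [ -e "$f" ] || [ -L "$f" ]; then printf '%s\n' "$f"; fi
    done
)

# Does a bare ".*" expand to the parent directory in this shell?
# (bash 5.2 and later skip "." and ".." by default via globskipdots.)
dotstar_hits_parent() (
    cd "$1" || exit 1
    for f in .*; do
        if [ "$f" = ".." ]; then echo yes; exit 0; fi
    done
    echo no
)

demo() {
    d=$(make_sample) || return 1
    echo "'.*' reaches '..': $(dotstar_hits_parent "$d")"
    echo "alphanumeric pattern:"; alnum_dotfiles "$d"
    echo "safe patterns:"; safe_dotfiles "$d"
    rm -rf "$d"
}
demo
```

Reviewing the printed list before passing the same patterns to a recursive command shows exactly which entries would be affected.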




