Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!decwrl!sgi!mitch@rock.SGI.COM From: mitch@rock.SGI.COM (Thomas P. Mitchell) Newsgroups: comp.sys.sgi Subject: Re: Permissive Permissions Summary: 777 is wrong. Message-ID: <32529@sgi.SGI.COM> Date: 11 May 89 02:05:52 GMT References: <8905101550.AA02500@lerc08.nas.nasa.gov> Sender: daemon@sgi.SGI.COM Organization: Silicon Graphics, Inc., Mountain View, CA Lines: 49 In article <8905101550.AA02500@lerc08.nas.nasa.gov>, fsfacca@LERC08.NAS.NASA.GOV (Tony Facca) writes: > > >> I fail to see what the problem is? / has world-writable, so what?! > >> I would be concerned if it didn't. It is a security problem -- chmod 555 / ; is the "school solution" > > I suppose its just a matter of personal preference. Some folks set the > default permissions on the user's directory to 700 so that users can't go chmod 700 or 500 is wrong. Many tools need read and search permissions -- Programs which run with low user ID numbers run as users to limit security problems. See things like lp. > snooping aroung in each others directories. Personally, I think 755 is fine. > If I have sensitive data I can explicity set the permissions. Each user should own his own home dir. He can set it to 700 if he wishes -- but that is nearly anti-social. A better is again 755 for $HOME and 700 for $HOME/someplace_private. > However, by default, 777 on root?? / is no place for novice user's to have True. It is wrong. Also simple to fix. > write permission. Moreover, if / is writeable by anybody, why even bother > with a /tmp? I don't know, it just doesn't *smell* right. I'd have to agree ^^^^ tis wrong. Exactly -- /tmp and /usr/tmp are 777 so anyone can make tmp files. Most users should use /usr/tmp/ by default because it is larger. Many system tools must use the smaller /tmp because the /usr filesystem may not be mounted. Will the original poster email me the Serial Numbers of the machines so I can follow up on this. I am mitch@sgi.com -- ------------- Thomas P. Mitchell (mitch@sgi.com) Rainbows -- The best (well second best) reason for windows.