Re: chmod woes


Subject: Re: chmod woes
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Thu Oct 03 2002 - 01:35:56 AKDT


On Thu, 3 Oct 2002, Justin Dieters wrote:

> 1. Change all the files in all subdirectories of a directory to 660
> (rw-rw----), but leave all the directories +x so I can still get into them

cd /path/to/dir
find . -type f -print0 | xargs -0 chmod 660

(you can do it without piping to xargs/chmod, but I find this simpler in
most cases. Bryan Medsker's message is a good example of how to do it
The Right Way ;-) )

> 2. Then change all the *.sh files in all subdirectories so they are +x

find . -name "*.sh" -print0 | xargs -0 chmod 755

> Also, if someone could explain to me why I can't get into directories if
> they aren't +x, and also what a 's' or 'S' in place of the 'x' means
> when doing a 'ls -l' I would be very interested to find out :)

It's just a fact of life that directories must be executable in order to
descend into them. Sorry, I can't remember what S means. :-) As far as
files go, (directories are different) the lower case "s" is the set[ug]id
bit (u meaning user; g meaning group). If the ls -l output looks like
this:

-rwsr-xr-x 1 root wheel 12345 Aug 4 2001 filename

Then this means that "filename" is setuid root. In this case the "s"
means that "filename" will run with root privileges regardless of which
user runs it. If you're thinking this might be a security risk, you're
entirely correct! The above perms are equivalent to "chmod 4755
filename".

On the other hand, if the ls -l output looks like this:

-rwxr-sr-x 1 root wheel 12345 Aug 4 2001 filename

Then this means that "filename" is setgid wheel. The above perms are
equivalent to "chmod 2755 filename". Similar to above, it will execute
with whatever group privileges are available to group "wheel". There is a
subtle difference between this and the above--this will not execute with
root privileges! However, because "wheel" is a privileged group on some
systems, this could still constitute a security risk. For example, a file
whose ls -l output begins like:

"-rwxrwxr-x 1 root wheel"

would be vulnerable because it's writable by group wheel.

Granted, this is going off on a tangent, but it irks me that I never see
anything dealing with filesystem attributes anymore. They should work
fine with both ext2 and ext3 (I don't know about ReiserFS), and can be
valuable security tools when used intelligently. Check out "man lsattr"
and "man chattr" for details.

Mike

-- 
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
Network Technician     Consortium Library         (907) 786-6050 fax
tibor@lib.uaa.alaska.edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
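
An added example, not part of the original message: a POSIX shell audit for the setuid/setgid bits discussed above, run on constructed files in a scratch directory. The function names are this example's own. It also decodes the upper-case "S", which ls prints when the setuid or setgid bit is set but the matching execute bit is not.

```shell
# Added example, not from the original post. Sample files are constructed.

# mode_string FILE: the 10-character permission field printed by "ls -l".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# explain_bits MODE: decode columns 4 and 7 of a string such as "-rwsr-xr-x".
# s = special bit plus execute; S = special bit set, execute bit missing.
explain_bits() {
    out=""
    case $(printf '%s' "$1" | cut -c4) in
        s) out="setuid" ;;
        S) out="setuid(no-exec)" ;;
    esac
    case $(printf '%s' "$1" | cut -c7) in
        s) out="$out setgid" ;;
        S) out="$out setgid(no-exec)" ;;
    esac
    [ -n "$out" ] || out="none"
    printf '%s\n' "${out# }"
}

# list_special DIR: "ls -ld" lines for files with setuid (4000) or setgid (2000).
list_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} +
}

# list_writable_special DIR: the subset that group (020) or others (002) can
# modify, i.e. privileged files that more than their owner can change.
list_writable_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \( -perm -020 -o -perm -002 \) -print
}

# Demo on constructed files in a scratch directory (assumption: mktemp exists).
demo() {
    d=$(mktemp -d) || return 1
    for spec in 4755:suid 2755:sgid 4644:suid_noexec 4775:suid_gw 0755:plain; do
        : > "$d/${spec#*:}" && chmod "${spec%%:*}" "$d/${spec#*:}"
    done
    for f in "$d"/*; do
        m=$(mode_string "$f")
        printf '%s %-12s %s\n' "$m" "${f##*/}" "$(explain_bits "$m")"
    done
    list_writable_special "$d"
    rm -rf "$d"
}
demo
```

To audit a real tree, call list_special and list_writable_special with its path instead of running demo.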
