1777 protection

Georgina gena at gena-j.net
Sun Nov 25 14:44:02 EST 2001


Hi

Someone answered this question a little while ago and I've found the post to
be very useful as a reference.  So here it is:

Thanks Raul for this and I hope that you don't mind me reposting.

Reading the man page on chmod will help but below is a quick guide on
permissions, at least basic ones.

The ls -l will show you a direct listing in long format of any directory
where you issue the command.  The output will be something like:
-rw-r--r--	1	root	root	112212	Jun 18	17:48	test_file

The first part tells you the permissions set on the file called test_file.
This is the only part I'm going to address here.  Take the -rw-r--r-- and
break it up into 4 parts like this: - rw- r-- r--  The first part tells
you if this is a file or a directory.  If it is a - then it's a file and
if it is a d it's a directory.  The next 3 parts are the permissions for
owner, group, and world.  Each of these 3 parts has 3 flags which can be
on or off.  If they are on you will see a letter and if it is off you will
see just a -.  The permissions are r for read, w for write and x for
execute.  So if you have a file like the example, -rw-r--r--, it means
that the owner of the file has read/write access to the file while the
group and the world have only read access to it.  If you look at a binary
file such as /usr/bin/vacation you will see something like -rwxr-xr-x or
-rwx--x--x.  This means that the owner root has read/write/execute
permissions while everyone else either has read/execute or just execute
permissions.

Now, to set the permissions accordingly, you use the command chmod.
There is more than one way to set this but I will demonstrate my
preferred way.  Some may like it, some may not, but it is easy
nonetheless.

Let's take the file test_file for example.  To create it just touch
test_file and bang, you got a file called test_file.  Let's clear all the
permissions by typing chmod 000 test_file.  This will set the
owner/group/world permissions to ---.  Below is a chart of the
corresponding number flags when you use chmod.  They range from 0 through
7, and when you issue them you do it in sets of 3 digits.  The first digit is
for owner permission, the 2nd is for group permission and the 3rd is for world
permission.

0 ---
1 --x
2 -w-
3 -wx
4 r--
5 r-x
6 rw-
7 rwx

So by looking at the chart above 0 means there are no flags set, no
read/write/execute.  1 means execute only, good for binaries.  4 is read
only good for making files that everyone can read from but not write to.
5 is good for scripts, must be readable and executable but not writable.
7 has all the flags set read/write/execute.

Now, if you want to make this file read/write/execute by owner, but only
read/execute by group and read only by world the command would be chmod
754 test_file.  If you want to make this file read/write by owner, and
readonly by group and nothing for world it would be chmod 640 test_file.

As I stated this is a quick guide so you should definitely read the man
page but maybe this will help you understand permissions a little.

-----Original Message-----
From: speakup-admin at braille.uwo.ca
[mailto:speakup-admin at braille.uwo.ca]On Behalf Of Steve Holmes
Sent: 25 November 2001 17:36
To: speakup at braille.uwo.ca
Subject: Re: 1777 protection


I think that answer is wrong. To prevent others from reading the mail
folders, type "chmod 0600 /var/spool/mail/user" where user would be the
name of the userid doing the mail on this machine. That will set read and
write permissions for the owner but leave nothing for group and the world.
I forgot to look at the mail folder so not sure what the permissions are
on that right now.

On Sat, 24 Nov 2001, Gregory Nowak wrote:

> That means that anyone with access to your machine can read all mail on it
> at least if not do more with it.
> To fix this (which I'm sure you want to do), type the following line
> without the quotes.
> "chmod 1777 /var/spool/mail"
> Hth.
> Greg
>
>
> On Sat, Nov 24, 2001 at 08:22:52PM -0500, Guy Schlosser wrote:
> > I am very happy to announce that I am now an official Linux user.  I got
> > my debian system up and running with the 2.4.15 kernel yesterday and so
> > far am loving it.  I've got a question though.  Whenever I use PINE, I get
> > a message that says "mailbox is vulnerable.  /var/spool/mail needs 1777
> > protection."  For one, what does that mean?  And lastly, how do I set that?
> > Thanks in advance for any info.
> >
> > Later,
> >
> >
> > Guy
> >
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup at braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup


_______________________________________________
Speakup mailing list
Speakup at braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup
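
An added example, not part of the original posts: the chart in the guide covers three-digit modes, and this sketch extends it to the leading fourth digit in 1777 (the sticky bit, which on a directory lets only a file's owner remove or rename it), then applies 1777 and 0600 to a constructed spool directory under a temporary path. The function names sym_mode and demo_spool and the mailbox name user are assumptions for illustration.

```shell
#!/bin/sh
# Added example. The spool path is a constructed stand-in under a temp
# directory, not the real /var/spool/mail.

# sym_mode OCTAL: print the nine rwx characters for a 3- or 4-digit chmod mode.
sym_mode() {
    case $1 in ''|*[!0-7]*) return 1 ;; esac
    m=$((0$1))                      # leading 0 makes the shell read it as octal
    sp=$(( (m >> 9) & 7 ))          # fourth digit: setuid=4, setgid=2, sticky=1
    out=
    for pos in 6 3 0; do            # owner, group, world
        d=$(( (m >> pos) & 7 ))
        if [ $((d & 4)) -ne 0 ]; then r=r; else r=-; fi
        if [ $((d & 2)) -ne 0 ]; then w=w; else w=-; fi
        if [ $((d & 1)) -ne 0 ]; then x=x; else x=-; fi
        case $pos in
            6) bit=4 on=s off=S ;;
            3) bit=2 on=s off=S ;;
            0) bit=1 on=t off=T ;;
        esac
        # A special bit is displayed in the execute column of its triplet.
        if [ $((sp & bit)) -ne 0 ]; then
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# demo_spool: apply both modes from the thread and print what ls reports.
demo_spool() {
    spool=$(mktemp -d) || return 1
    : > "$spool/user"               # constructed mailbox file
    chmod 1777 "$spool"             # directory: anyone may create, sticky bit set
    chmod 0600 "$spool/user"        # mailbox: owner read/write only
    dmode=$(ls -ld "$spool" | cut -c1-10)
    fmode=$(ls -l "$spool/user" | cut -c1-10)
    rm -rf "$spool"
    printf '%s %s\n' "$dmode" "$fmode"
}

for mode in 1777 0600 754 640; do
    printf '%-4s -> %s\n' "$mode" "$(sym_mode "$mode")"
done
demo_spool
```

The two modes answer different questions: 1777 governs who may create and delete entries in the spool directory, while 0600 on each mailbox file governs who may read the mail in it.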




