[sf-lug] chmod 777 /home ; chmod 777 /home/lerner
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Sun Feb 7 12:42:43 PST 2016
> From: jim <jim at well.com>
> Subject: Re: [sf-lug] request for help re ssh -- sshd login failure
> Date: Sun, 7 Feb 2016 19:09:36 +0000
> My comments interspersed below.
>> and try that. I'm pessimistic. We've changed permissions
>> 109 # chmod 777 /home ; chmod 777 /home/lerner
>> with no good effect.
Yes, no good will come of that (well, other than perhaps some
bit o' learning experience).

Essentially with 777 (a=rwx) on a directory, and at least x (or more commonly
at least r and x) on all ancestor directories, and without sticky bit set,
then nothing in or beneath that directory is secure. E.g. any ID whatsoever
can muck with such.

That's also a very bad thing for any and all IDs having their HOME directories
in or anywhere beneath that directory - it makes it pretty trivial for most any
ID on the system to compromise the security of any ID having its HOME directory
in or beneath that directory.

And, of course sshd will look at that and any keys beneath such and basically
be like, "Are you friggin' kidding me? I'm not gonna trust or use any of that
data, no way!" - and will basically ignore most or all of the data and contents
thereof.

So, ... 777 on /home and user's HOME directory? Uhm, what gave one that idea?
Hopefully just an "experiment" and nothing important there? Or was it some bad
suggestion on The Internet or such? (Which does tend to occur - often about 20%
of the information/advice/etc on The Internet is flawed, poor
advice/information, or just plain wrong.)
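
Added example, not part of the original message and not OpenSSH's own code: a Python check modelled on the documented StrictModes behaviour (sshd refuses authorized_keys when the file, ~/.ssh or the home directory is writable by other users). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH  # the 022 bits

def audit_key_path(home, key_file, uid):
    """Check key_file and every directory from it up to home (inclusive).

    Returns a list of (path, problem) tuples; an empty list means the path
    passes. Assumption: this mirrors the StrictModes idea, not sshd's code.
    """
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    findings = []
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & WRITABLE_BY_OTHERS:
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "group/world-writable, mode %o" % mode))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # stop at HOME (or at / if outside it)
            break
        path = parent
    return findings

def build_sample_home(root):
    """Constructed sample tree: <root>/home/lerner/.ssh/authorized_keys."""
    home = os.path.join(root, "home", "lerner")
    ssh_dir = os.path.join(home, ".ssh")
    key_file = os.path.join(ssh_dir, "authorized_keys")
    os.makedirs(ssh_dir)
    with open(key_file, "w") as fh:
        fh.write("ssh-ed25519 CONSTRUCTED-SAMPLE-KEY lerner@example\n")
    os.chmod(home, 0o755)
    os.chmod(ssh_dir, 0o700)
    os.chmod(key_file, 0o600)
    return home, key_file

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        home, key_file = build_sample_home(root)
        print("sane modes:", audit_key_path(home, key_file, os.getuid()))
        os.chmod(home, 0o777)  # the change from the thread
        for path, problem in audit_key_path(home, key_file, os.getuid()):
            print("REFUSE:", path, problem)
        os.chmod(home, 0o755)  # the repair
        print("repaired:", audit_key_path(home, key_file, os.getuid()))
```

Run against a real account by passing that user's home directory, authorized_keys path and numeric uid; any finding is a path to tighten with chmod go-w or to re-own.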