[sf-lug] chmod 777 /home ; chmod 777 /home/lerner
jim
jim at well.com
Sun Feb 7 16:08:46 PST 2016
More and more thanks. The chmod 777 {/home,/home/lerner}
was an experiment, a long stretch that I figured would be
no good, but the login error message said
permission denied
so what the hey! try that.
I'll certainly change it back (to 755). At this point
there is only one user account other than root, and the box
is powered off; when on it's on a 192.168,1.0 LAN.
On 02/07/2016 08:42 PM, Michael Paoli wrote:
>> From: jim <jim at well.com>
>> Subject: Re: [sf-lug] request for help re ssh -- sshd login failure
>> Date: Sun, 7 Feb 2016 19:09:36 +0000
>
>> My comments interspersed below.
>
>>> and try that. I'm pessimistic. We've changed permissions
>>> 109 # chmod 777 /home ; chmod 777 /home/lerner
>>> with no good affect.
>
> Yes, no good will come of that (well, other than perhaps some
> bit 'o learning experience).
>
> Essentially with 777 (a=rwx) on a directory, and at least x (or more
> commonly
> at least r and x) on all ancestor directories, and without sticky bit
> set, then nothing
> in or beneath that directory is secure. E.g. any ID whatsoever can
> muck with such.
> That's also a very bad thing for any and all IDs having their HOME
> directories in
> or anywhere beneath that directory - it makes it pretty trivial for
> most any ID on
> the system to compromise the security of any ID having its HOME
> directory in or
> beneath that directory.
>
> And, of course sshd will look at that and any keys beneath such and
> basically
> be like, "Are you friggin' kidding me? I'm not gonna trust or use any
> of that
> data, no way!" - and will basically ignore most or all of the data and
> contents
> thereof.
>
> So, ... 777 on /home and user's HOME directory? Uhm, what gave one
> that idea?
> Hopefully just an "experiment" and nothing important there? Or was it
> some bad
> suggestion on The Internet or such? (Which does tend to occur - often
> about 20%
> of the information/advice/etc on The Internet is flawed, poor
> advice/information,
> or just plain wrong.)
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20160208/d5587b9e/attachment.html>
More information about the sf-lug
mailing list