/ access to all users?

Please reproduce your error on a second machine before posting, and check the error by running without saved changes or extra modules (See FAQ No. 13, "How to report a bug"). For unstable Porteus versions (alpha, beta, rc) please use the relevant thread in our "Development" section.
User avatar
Rava
Contributor
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

/ access to all users?

Post#1 by Rava » 05 Sep 2013, 04:59

Hello team!

In my book, (due to security reasons) a normal non root user should not be allowed to create any files or folders in /

Still, the x86-64 version of Port 2.1 allows him to do so:

Code: Select all

guest@porteus:/mnt/live/memory/images$ ls -oa 001-core.xzm/. 010-nVidia-304.88-porteus-v2.1-x86_64-1fmt.xzm/. -d
drwxrwxrwx 20 root 281 Aug  2 11:35 001-core.xzm/.
drwxrwxrwx  6 root  71 Jul 23 02:55 010-nVidia-304.88-porteus-v2.1-x86_64-1fmt.xzm/.
We should create a rule that applies to all modules, that "/" (or, in module speech, the base folder of the module) should:

be owner root.root
not be 0777 (drwxrwxrwx) but instead
0755 (drwxr-xr-x)

Unless it's a folder like /root or /sbin or such, then it should be owned by root.root and have 0700 (drwx------)

Team members, your thoughts?
Cheers!
Yours Rava

User avatar
Hamza
Warlord
Warlord
Posts: 1908
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: / access to all users?

Post#2 by Hamza » 05 Sep 2013, 05:08

That's already like this. '/' is owned by root only on our base modules.
NjVFQzY2Rg==

User avatar
Rava
Contributor
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

Re: / access to all users?

Post#3 by Rava » 05 Sep 2013, 05:12

Hamza wrote:That's already like this. '/' is owned by root only on our base modules.
As you can see above, two official modules break that rule. And by doing so, the stat for / will be changed to 0777 instead of 0755.

And this is not only about ownership root.root (aka chown), but access rights (aka chmod)
root@porteus:/tmp/001-core-rava# stat /
File: ‘/’
Size: 380 Blocks: 0 IO Block: 4096 directory
Device: fh/15d Inode: 2 Links: 71
Access: (0777/drwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2013-09-05 06:53:58.745000000 +0200
Modify: 2013-09-05 06:53:54.154000000 +0200
Change: 2013-09-05 06:53:54.154000000 +0200
Birth: -
(my emphasis)

ATM I re-create both above listed modules changed to 0755 to have a fix for my version of 2.1.
Cheers!
Yours Rava

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: / access to all users?

Post#4 by fanthom » 05 Sep 2013, 08:43

hi Rava,

will update dir2xzm script to always 'chmod 755' and 'chown 0:0' the target directory before creating a module.
thanks for pointing this out.
Please add [Solved] to your thread title if the solution was found.

User avatar
Rava
Contributor
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

Re: / access to all users?

Post#5 by Rava » 05 Sep 2013, 18:24

fanthom, you are welcome...

Will is be available online as well so that all of us can use the newer version as well? :)
Cheers!
Yours Rava

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: / access to all users?

Post#6 by fanthom » 06 Sep 2013, 08:30

yes - will push it through porteus updates along with other small fixes.
Please add [Solved] to your thread title if the solution was found.

User avatar
Rava
Contributor
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

Re: / access to all users?

Post#7 by Rava » 06 Sep 2013, 19:17

Okay...

So, what do I have to do in PPM again to get this update?

And would it come as small xzm? To be includes it the porteus/base or porteus/modules folder?
Cheers!
Yours Rava

User avatar
francois
Contributor
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Re: / access to all users?

Post#8 by francois » 06 Sep 2013, 22:05

Hi rava. I imagine that the change will be available thru porteus setting center > porteus updater. fanthom will surely correct this answer if it is wrong. :)
Prendre son temps, profiter de celui qui passe.

Post Reply