  1. #1
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5

    first octet of chmod does not work?


    Hi!

    I.
    Here it goes according to 'ls': dr-x..
    ~ # ls -ld /proc
    dr-xr-xr-x 134 root root 0 2010-08-13 18:58 /proc/
    ---------- /proc/ is not writable. So next is correct
    ~ # touch /proc/rwtest
    touch «/proc/rwtest»: No such file or directory
    ~ #

    II.
    Here it does not (obviously next is correct for OS functioning)..
    ~ # ls -ld /sys
    drwxr-xr-x 134 root root 0 2010-08-13 18:58 /sys/
    ---------- /sys/ is writable!
    ~ # touch /sys/rwtest
    touch «/sys/rwtest»: No such file or directory
    ~ #

    III.
    ~ # mkdir TMP
    ~ # chmod 500 TMP
    ~ # ls -ld TMP
    dr-x------ 2 root root 48 2010-08-13 18:59 TMP/
    ~ # touch TMP/rwtest
    ~ # ls -lR TMP
    TMP:
    -rw-r--r-- 1 root root 0 2010-08-13 18:59 rwtest
    ~ #

    rwtest-file was created by root in directory with dr-x------!

    Should it be so?

    Please..
    One question only:

    Why does 'chmod 500..' not work?

    Thanks and good luck!

    13-VIII-2010

  2. #2
    Just Joined!
    Join Date
    Mar 2005
    Location
    Corona, CA
    Posts
    29
    Quote Originally Posted by vit_r View Post
    Hi!

    I.
    Here it goes according to 'ls': dr-x..
    ~ # ls -ld /proc
    dr-xr-xr-x 134 root root 0 2010-08-13 18:58 /proc/
    ---------- /proc/ is not writable. So next is correct
    ~ # touch /proc/rwtest
    touch «/proc/rwtest»: No such file or directory
    ~ #

    II.
    Here it does not (obviously next is correct for OS functioning)..
    ~ # ls -ld /sys
    drwxr-xr-x 134 root root 0 2010-08-13 18:58 /sys/
    ---------- /sys/ is writable!
    ~ # touch /sys/rwtest
    touch «/sys/rwtest»: No such file or directory
    ~ #

    III.
    ~ # mkdir TMP
    ~ # chmod 500 TMP
    ~ # ls -ld TMP
    dr-x------ 2 root root 48 2010-08-13 18:59 TMP/
    ~ # touch TMP/rwtest
    ~ # ls -lR TMP
    TMP:
    -rw-r--r-- 1 root root 0 2010-08-13 18:59 rwtest
    ~ #

    rwtest-file was created by root in directory with dr-x------!

    Should it be so?

    Please..
    One question only:

    Why does 'chmod 500..' not work?

    Thanks and good luck!

    13-VIII-2010
    Rule #1: Never, ever mess around as the root user. You're going to end up crashing your system, losing valuable data, or both. Only use root when necessary, and it's better to get used to using sudo instead of just being the root user.

    Not every directory you see is actually files on the disk (/proc is actually memory). Some directories or filesystems can have over-riding mount options, or the user may have a umask that will cause files created by the user to have different permissions (do a 'man umask' to learn more about that).

  3. #3
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5
    to neildomo

    Thanks for fast and considerate reply
    I had to mention what it's for, sorry

    The goal is to get 'read-only PATH'
    (
    ie:
    dr-xr-xr-x ... bin/
    dr-xr-xr-x ... lib/
    dr-xr-xr-x ... sbin/
    )

    -
    Still does not work:
    ~ # umask u=,g=,o=; mkdir fu; touch fu/bar; ls -lR fu
    fu:
    ---------- 1 root root 0 2010-08-14 13:00 bar
    -

    'ro PATH' with rw root filesystem is possible:
    linuxquestions.org read-only-path-822055/

    But when under root privileges 'chmod 500..' will do what it claims
    'ro PATH' would be made just like that, isn't so?

  4. #4
    Just Joined!
    Join Date
    Mar 2005
    Location
    Corona, CA
    Posts
    29
    why do you want to make a directory read-only for everyone, including root? If you create a file owned by root, and "chmod 755", then only root can write to it, which I would consider normal (because no one should be using root user).

  5. #5
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5
    Dear neildomo!

    > no one should be using root user

    Is it always so: " no one should be "?
    Once my comp was attacked when i was staring at the screen..
    Even "reset" was helpless..

    Then 'ro PATH' is more safe(i.e. power break or kitten dancing on kbd), isn't it?

    Is there somewhere a working example
    (HOWTO to make a directory read-only for everyone)?

    Thanks


    ps
    Seems strange things pop up:
    - 'ls' doesn't reflect 100% of real situation
    - 'chmod ...' doesn't make all changes correctly
    - nothing is mentioned in their man pages

  6. #6
    Just Joined!
    Join Date
    Mar 2005
    Location
    Corona, CA
    Posts
    29
    I'm having a bit of difficulty understanding your meaning, but I'll give it a shot.

    root(superuser) is the one user that should have access to everything. Because of this it should be used minimally, only when necessary. Use sudo to do your tasks, avoid logging into a computer as root. Many systems are set such that you can only log in as root at the console.

    If you really want to make something read-only, make a filesystem, put your data on it, then mount that with ro options.

    On my Linux box /lib, /sbin, and /bin are owned by root, and only root has access (755, or rwxr-xr-x). If root cannot write to these directories, you won't be able to install anything into these dirs.

    There is a program called aide, which can watch all the files on your system to see if any have changed. I'd recommend wiping your system, doing a fresh install, installing aide, then running it daily to see what has changed. Read the docs, there are files that will normally change daily. Also, /var/log/secure and /var/log/messages can give you information about people logging in.

    selinux and iptables can be a pain to learn, but they can also increase the security of your computer significantly. It all depends on how much effort you want to put into it. Google these terms, there will be plenty of reading material.

  7. #7
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5
    > ... difficulty understanding your meaning,

    i guess this difficulty is: "Why i want 'ro PATH'?"
    Because:
    Even getting(by outsider or insider) the root privileges
    will be not enough for making immediate changes

    > ... read-only, make a filesystem, put your data on it, then mount that with ro options.

    it is OK for /boot,/usr,/opt, ...
    but meanwhile it's not possible for /bin,/lib,/sbin

    > ... you won't be able to install anything into these dirs.
    a simple script:
    chmod 755
    OS-changes
    chmod 555

    If there would be official choice between current OS
    and the same OS with 'ro PATH'
    Which one is preferable?

    Dear man!
    Big and many Thanks for 'aide'. My feelings about it ... something great


    ps
    Still: "Is there somewhere a working example:
    HOWTO make a directory dr-xr-xr-x? Thanks"

    pps
    any difficulty in understanding my meaning.. Tell me please

  8. #8
    Linux Guru coopstah13
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    that isn't true, once you have root access you can change directory permissions back to 755 anyway

    rxrxrx is 555, your exercise is fairly pointless though

    if someone is getting access to your machine then you aren't taking proper security precautions to protect it, and I would advise you start with the basics like setting up firewall and using secure passwords

  9. #9
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5
    > if someone is getting access ...
    With 'ro PATH' if someone got access then next step is changing directory permissions
    and such change can be made complicated by replacing corresponding programs by script-traps

    With 'rw PATH' PATH-dirs are "naked" ...
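
Added example, not written by any poster in this thread: a POSIX shell audit that reports, for each directory of a PATH-style list, what its mode bits say and whether its filesystem is mounted `ro`, which is the distinction posts #6 and #8 turn on. The function names are made up for this example; GNU `stat -c` and the Linux `/proc/mounts` layout are assumed.

```sh
#!/bin/sh
# Added example: audit the directories of a PATH-style list.
# Mode bits do not bind root; a read-only mount does until it is remounted.
# Limits: GNU stat is assumed, and symlinked directories are not resolved.

# mount_opts DIR [MOUNTS_FILE]: print the mount options of the filesystem
# holding DIR (longest matching mount point, later lines win on ties).
mount_opts() {
    awk -v d="$1" '
        { mp = $2
          if (mp == "/" || d == mp || index(d, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/mounts}"
}

# mode_class DIR: classify DIR by its permission bits alone.
mode_class() {
    [ -d "$1" ] || { echo missing; return; }
    m=$((0$(stat -c '%a' "$1")))        # octal mode, e.g. 0755 or 01777
    if   [ $((m & 022)) -ne 0 ];  then echo group-or-other-writable
    elif [ $((m & 0200)) -ne 0 ]; then echo owner-writable
    else echo mode-read-only
    fi
}

# audit_path LIST [MOUNTS_FILE]: one "dir mode-class mount-state" line per entry.
audit_path() {
    old_ifs=$IFS; IFS=:
    for d in $1; do
        IFS=$old_ifs
        case ",$(mount_opts "$d" "$2")," in
            *,ro,*) fs=ro-mount ;;
            *)      fs=rw-mount ;;
        esac
        printf '%s %s %s\n' "$d" "$(mode_class "$d")" "$fs"
    done
    IFS=$old_ifs
}

# Report on the real PATH when the mount table is readable.
if [ -r /proc/mounts ]; then audit_path "$PATH"; fi
```

A line reading `mode-read-only rw-mount` describes the `chmod 555` setup discussed in the thread: non-root users cannot write there, while root is not restricted by those bits.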
