On 2004-10-20, Olle Eriksson <[EMAIL PROTECTED]> wrote:
> $ sudo chmod o-rwx /home/username/*
> $ sudo chmod o-rwx /home/username/.*
>
> After that, all hell broke loose. I couldn't start any new KDE application,
> existing applications complained about insufficient rights, no temporary
> or session files could be written etc. I couldn't even access my home
> directory after I restarted. Luckily I was able to restore all previous
> file permissions with the saved file and got back into my user account
> this morning. So, lesson learned. Don't mess with things you don't need
> to mess with, make backups, and be less paranoid. :)
>
> I think it was the fact that /home lost all world-permissions that caused
> all the problems. Would you agree?

The problem is the '.*' above expanding to '..' and therefore affecting
the parent directory. What you probably wanted to run was:

    chmod -R go-rwx $HOME

not as root, but as the user. This should work (with some minor
exceptions like 'man' not being able to access man pages installed in
your home 'cos man may be setuid 'man').

> Secondly, by calling chmod with sudo, all the files owned by root that I
> as a user needed to see were now invisible. But they don't seem to be so
> many so I am wondering if that had any influence.

You should not have any files owned by root under a normal user's home
directory (or under /home as the '.*' error above would mean).

> Should I simply leave the .* files in my home directory alone? :) I
> actually found some that had 777 permissions which I didn't like. All my
> documents are 750 or less and the umask is set to 027. Is that ok for
> security?

You might be interested in 'fadfixperms' which reads instructions for
how to set permissions on a hierarchy of files and enforces them. I do
this on a daily basis to make sure that what I intend to keep private is
kept private despite a umask of 022 which I need in a cooperative work
environment. Google for it.

Alexis
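
The '.*' expansion described in the reply, reproduced in a scratch directory so the effect on the parent's mode can be observed. This is an added example, not part of the original message; the sandbox layout and the function names are constructed for illustration. Shells that skip '.' and '..' when globbing (bash with globskipdots set) leave the parent untouched, so the script checks what the running shell does.

```sh
#!/bin/sh
# Added example. Everything happens in a throwaway directory made by mktemp;
# "home" and "user" are constructed stand-ins for /home and /home/username.

# Create <tmp>/home/user with a dotfile and a dot-directory; print <tmp>.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/home/user/.kde" "$sb/home/user/docs"
    : > "$sb/home/user/.profile"
    chmod 755 "$sb/home" "$sb/home/user" "$sb/home/user/.kde"
    chmod 644 "$sb/home/user/.profile"
    printf '%s\n' "$sb"
}

# Octal permission bits of a path (GNU/busybox stat, then BSD stat).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Exit 0 if this shell expands '.*' inside directory $1 to include '..'.
# Older shells do; bash with the globskipdots option set does not.
glob_includes_parent() (
    cd "$1" || exit 2
    for name in .*; do
        [ "$name" = ".." ] && exit 0
    done
    exit 1
)

# The second command from the thread (without sudo): the glob decides
# which paths chmod receives, and '..' is the parent of $1.
chmod_dot_glob() { chmod o-rwx "$1"/.*; }

# The command suggested in the reply: recurse from the directory itself.
chmod_recursive() { chmod -R go-rwx "$1"; }

demo() {
    sb=$(make_sandbox) || return 1
    chmod_dot_glob "$sb/home/user"
    echo "after 'chmod o-rwx user/.*':  home is $(mode_of "$sb/home")"
    chmod 755 "$sb/home" "$sb/home/user"
    chmod_recursive "$sb/home/user"
    echo "after 'chmod -R go-rwx user': home is $(mode_of "$sb/home")," \
         "user is $(mode_of "$sb/home/user")"
    rm -rf "$sb"
}
demo
```

Where the shell does expand '.*' to '..', the first line reports the parent at 750 instead of 755, which is the lost world permission on /home from the thread.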