On Wed, Jul 21, 2021, 12:57 PM Greg Wooledge <g...@wooledge.org> wrote:
> On Wed, Jul 21, 2021 at 12:39:49PM -0400, Kenneth Parker wrote: > > > > Access: (0555/dr-xr-xr-x) Uid: ( 0/ root) Gid: ( 1000/ frank) > > > Actually, access 555 means everyone can Read and Execute, but nobody can > > Update. > > > > Root usually overrides that, which could explain why it still works. > > Yes. > > > Will chown work ? > > > > > > > Actually, chmod might work better. My system has 755, owned by Root. > > Meaning only Root can Update, but everybody can Read and Execute. > > None of that explains why systemd says the thing is considered "unsafe". > It's "unsafe" because it's owned by group "frank". > How did I miss that? The only reason I can think of, for a different Group would be for something like /var/log, so someone other than Root can read the Logs. Thus, changing the GID back to 0 is the main issue (for suppressing the > warning messages). Fixing the perms from 555 to 755 is just for a bit > of extra consistency. > That, and other layers of Security, such as selinux, where Root isn't always "god". Thanks for the clarification. Kenneth Parker >
