Calibrating permissions

[Charlie Brown]

You can compare with those on live session.

Say, "open terminal here" (or first cd to that path) and:

Code: Select all

stat -c '%a %n' *

one by one (on live session) and have a look.


Or state the path and even save in a text file to inspect later :

i.e.

Code: Select all

stat -c '%a %n' .icons/* > Anyname.txt

(Anyname.txt will be in home folder, as you might already know you can state a path for it, too)


(Though this is not recursive)

[Charlie Brown]

... Or, if you want it recursive and including everything in home folder, a crazy way:

Code: Select all

ls -laR > permissions.txt

Code: Select all

sed -i '/-rw-r--r--/d' permissions.txt

Code: Select all

sed -i '/drwxr-xr-x/d' permissions.txt

The 755 (for directories only) and 644 (for files only) lines will be deleted. It still has more than 20,000 lines but at least you can have a look scrolling if there's something very important to you ... (Do this on live session with a user terminal, no root sudo su etc..)

[Jakob77]

Thank you Charlie Brown, yes.
I have also made a copy of a new users home folder to a shared folder so I can compare.
And this command can maybe be helpful for log files:

Code: Select all

ls -lah

And it already shows it is much more complicated than I like.
I see you use the same and thank you for warning me before I use it and faint. ;-)



It suddenly hits my mind...

...
And it has some different sub folders ... Do you think this looks like a correct syntax ...

Code: Select all

sudo chmod -x -R ~/Music/*.*

Yes, but no :D

If we do it in bulk, then, those which do not already have x (executable) may become problematic, new issues may occur.

I have to ask problematic how, what issues.?
Could it perhaps help to make them all +x first and then -x all.?
To me it looks like a big advantage if it is possible to reduce the edit to only the one privilege we want to change.

@DukeComposed

Can 'find' find only the files with permission to run like programs and chmod them '-x' .?

[DukeComposed]

Can 'find' find only the files with permission to run like programs and chmod them '-x' .?

As I said:

Extra credit: find supports an "-exec" argument that can used to run a command on the files/directories it returns. It also supports a "-perm" argument I mentioned earlier, and "\!" can be used to negate the permissions check, i.e., "find dir -type d \! -perm 0755" should give a list of all directories and subdirectories that do not have mode 0755.

If you run "man find" it will give you a comprehensive list of options that find supports. Perhaps more importantly here, there is a section labeled "EXAMPLES" that can show you how to run find with the "-perm" argument to look only for files with a certain mode.

I found a useful illustrated guide to UNIX file permissions online, courtesy of the amazing Julia "b0rk" Evans: https://i.pinimg.com/originals/fb/65/0a ... 3fc608.jpg

That guide will explain what find is doing in this example:

Code: Select all

mkdir test
cd test
touch one two three four
chmod 0700 one
chmod 0770 two
chmod 0777 three
find . -type f -perm /111
./three
./one
./two

I also could've written it "find . -type f -perm /u=x,g=x,o=x", if that's easier to parse.

[Jakob77]

Thank you.



@Charlie Brown


In a new .thunderbird I find approximately 50 files with five different permissions:

700
777
755
644
600

I don't know how smart this syntax is but I think it gives a good output for further work if needed:

Code: Select all

find .  -printf "%m %f %g\n" | column -t

And the output I could spend a cosy time knitting with chmod for lines for the script something like this:

Code: Select all

chmod 644 ~/.thunderbird/profiles.ini

next file and so on..... this far it looks okay in theory.



However...

In my backup I find more than 2.000 files with only two different permissions:

777
755

There are a lot more files, different filenames and different folders.
And maybe some permissions are changed on purpose.


How am I ever going to be able to solve this correctly.?


Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?

[Eadwine Rose]

Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?

Report to the TB people if there is a TB problem.

[fehlix]

In a new .thunderbird I find approximately 50 files with five different permissions:

Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?

Where do you see a "security hole"?
The top Thunderbird profile folder ".thunderbird" within users home
provides only access for the user (and root) for all files and folder underneath:

Code: Select all

ls -nd .thunderbird/
drwx------ 6 1000 1000 165 Sep 10 19:56 .thunderbird/

Suggest, to study a bit about access rights in rgrd to permissions and ownership in linux file systems.
HTH

[Jakob77]

fehlix

I hope there are more defense lines without holes than just that one.
I think it is about holding the fort and that takes more than one defense line.
If you let the fort full of Trojan horses without doing anything about it for years it is not really optimal for holding the fort. No good and no safety in that. It is just an extra unnecessary risk.

And maybe it is easy to put it right for those who knows the program.

Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?

Report to the TB people if there is a TB problem.

I thought you had already done that. :-)
Do you know the best place to do it.?

[Eadwine Rose]

Google :) Pretty sure you're smart enough to know where to find the place to report something on TB. :)

[Jakob77]

Yes, I can always do more.
It might just take a little longer. ;-)
If I am the only user being concerned it is also a logic consequence that the priority will be lowered.


~/Desktop and ~/.icons are already put in for advice on an external page:
https://forum.xfce.org/viewtopic.php?pid=73293#p73293