Page 4 of 7
Re: Calibrating permissions
Posted: Sat Sep 23, 2023 4:00 pm
by Charlie Brown
You can compare with those on live session.
Say, "open terminal here" (or first
cd to that path) and:
one by one (on live session) and have a look.
Or state the path and even save in a text file to inspect later :
i.e.
Code: Select all
stat -c '%a %n' .icons/* > Anyname.txt
(
Anyname.txt will be in home folder, as you might already know you can state a path for it, too)
(Though this is not recursive)
Re: Calibrating permissions
Posted: Sat Sep 23, 2023 4:58 pm
by Charlie Brown
... Or, if you want it recursive and including everything in home folder, a crazy way:
Code: Select all
sed -i '/-rw-r--r--/d' permissions.txt
Code: Select all
sed -i '/drwxr-xr-x/d' permissions.txt
The 755 (for directories only) and 644 (for files only) lines will be deleted. It still has more than 20,000 lines but at least you can have a look scrolling if there's something very important to you ... (Do this on live session with a user terminal, no root sudo su etc..)
Re: Calibrating permissions
Posted: Sat Sep 23, 2023 5:54 pm
by Jakob77
Thank you Charlie Brown, yes.
I have also made a copy of a new users home folder to a shared folder so I can compare.
And this command can maybe be helpful for log files:
And it already shows it is much more complicated than I like.
I see you use the same and thank you for warning me before I use it and faint. ;-)
It suddenly hits my mind...
Jakob77 wrote: Thu Sep 21, 2023 10:58 am
Charlie Brown wrote: Tue Sep 19, 2023 5:52 pm
Jakob77 wrote: Tue Sep 19, 2023 4:47 pm...
And it has some different sub folders ... Do you think this looks like a correct syntax ...
Yes, but no :D
If we do it in bulk, then, those which do not already have x (executable) may become problematic, new issues may occur.
I have to ask problematic how, what issues.?
Could it perhaps help to make them all +x first and then -x all.?
To me it looks like a big advantage if it is possible to reduce the edit to only the one privilege we want to change.
@DukeComposed
Can 'find' find only the files with permission to run like programs and chmod them '-x' .?
Re: Calibrating permissions
Posted: Sat Sep 23, 2023 6:34 pm
by DukeComposed
Jakob77 wrote: Sat Sep 23, 2023 5:54 pm
Can 'find' find only the files with permission to run like programs and chmod them '-x' .?
As I said:
DukeComposed wrote: Wed Sep 20, 2023 7:17 pm
Extra credit: find supports an "-exec" argument that can used to run a command on the files/directories it returns. It also supports a "-perm" argument I mentioned earlier, and "\!" can be used to negate the permissions check, i.e., "find dir -type d \! -perm 0755" should give a list of all directories and subdirectories that do not have mode 0755.
If you run "man find" it will give you a comprehensive list of options that find supports. Perhaps more importantly here, there is a section labeled "EXAMPLES" that can show you how to run find with the "-perm" argument to look only for files with a certain mode.
I found a useful illustrated guide to UNIX file permissions online, courtesy of the amazing Julia "b0rk" Evans:
https://i.pinimg.com/originals/fb/65/0a ... 3fc608.jpg
That guide will explain what find is doing in this example:
Code: Select all
mkdir test
cd test
touch one two three four
chmod 0700 one
chmod 0770 two
chmod 0777 three
find . -type f -perm /111
./three
./one
./two
I also could've written it "find . -type f -perm /u=x,g=x,o=x", if that's easier to parse.
Re: Calibrating permissions
Posted: Sun Sep 24, 2023 6:52 pm
by Jakob77
Thank you.
@Charlie Brown
In a new
.thunderbird I find approximately 50 files with five different permissions:
700
777
755
644
600
I don't know how smart this syntax is but I think it gives a good output for further work if needed:
Code: Select all
find . -printf "%m %f %g\n" | column -t
And the output I could spend a cosy time knitting with chmod for lines for the script something like this:
Code: Select all
chmod 644 ~/.thunderbird/profiles.ini
next file and so on..... this far it looks okay in theory.
However...
In my backup I find more than 2.000 files with only two different permissions:
777
755
There are a lot more files, different filenames and different folders.
And maybe some permissions are changed on purpose.
How am I ever going to be able to solve this correctly.?
Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?
Re: Calibrating permissions
Posted: Mon Sep 25, 2023 4:59 am
by Eadwine Rose
Jakob77 wrote: Sun Sep 24, 2023 6:52 pm
Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?
Report to the TB people if there is a TB problem.
Re: Calibrating permissions
Posted: Mon Sep 25, 2023 8:01 am
by fehlix
Jakob77 wrote: Sun Sep 24, 2023 6:52 pm
In a new
.thunderbird I find approximately 50 files with five different permissions:
Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?
Where do you see a "security hole"?
The top Thunderbird profile folder ".thunderbird" within users home
provides only access for the user (and root) for all files and folder underneath:
Code: Select all
ls -nd .thunderbird/
drwx------ 6 1000 1000 165 Sep 10 19:56 .thunderbird/
Suggest, to study a bit about access rights in rgrd to permissions and ownership in linux file systems.
HTH
Re: Calibrating permissions
Posted: Mon Sep 25, 2023 12:57 pm
by Jakob77
fehlix
I hope there are more defense lines without holes than just that one.
I think it is about holding the fort and that takes more than one defense line.
If you let the fort full of Trojan horses without doing anything about it for years it is not really optimal for holding the fort. No good and no safety in that. It is just an extra unnecessary risk.
And maybe it is easy to put it right for those who knows the program.
Eadwine Rose wrote: Mon Sep 25, 2023 4:59 am
Jakob77 wrote: Sun Sep 24, 2023 6:52 pm
Is it unfair to name it a security hole in Thunderbird and expect the Thunderbird developers to fix it.?
Report to the TB people if there is a TB problem.
I thought you had already done that. :-)
Do you know the best place to do it.?
Re: Calibrating permissions
Posted: Mon Sep 25, 2023 1:49 pm
by Eadwine Rose
Google :) Pretty sure you're smart enough to know where to find the place to report something on TB. :)
Re: Calibrating permissions
Posted: Mon Sep 25, 2023 4:34 pm
by Jakob77
Yes, I can always do more.
It might just take a little longer. ;-)
If I am the only user being concerned it is also a logic consequence that the priority will be lowered.
~/Desktop and ~/.icons are already put in for advice on an external page:
https://forum.xfce.org/viewtopic.php?pid=73293#p73293
