Results 1 to 9 of 9

Thread: file system permissions - paranoid

  1. #1

    Default file system permissions - paranoid

    a friend of mine (no, really, it actually wasn't me this time...) set his permissions to paranoid and now says he has basically 'locked himself out of the system' is what he said. how can you change this back?

    cheers.

  2. #2
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,731
    Blog Entries
    2

    Default Re: file system permissions - paranoid

    Quote Originally Posted by thestig View Post
    a friend of mine (no, really, it actually wasn't me this time...) set his permissions to paranoid and now says he has basically 'locked himself out of the system' is what he said. how can you change this back?

    cheers.
    Try this: Boot off a live CD like Knoppix, SystemRescuCD, Suse live. Mount the root directory and access it. The file setting to paranoid is the file "security" which will be located below your mount point at /mount_point/etc/sysconfig/security. In the file "security" is a line that should look like this:
    PERMISSION_SECURITY="easy local"
    Your "friend" (come on thestig -- we know it's YOU [Laughing Out LOUD]) changed it so it contains the word "paranoid". Change it back to "easy local".

    Voila
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  3. #3

    Default Re: file system permissions - paranoid

    thanks swerdna, i'll let him know. and honestly...it's really not me this time! i did make this mistake when using suse 10.0 though...

    what's the point in it if it stops you doing just about anything? he said it's locked him out of the system, but if i recall when i had suse 10.0 and did this i just couldn't use things like yast, it said permissions on the pw database may be too restrictive or something. doesn't sound like he has the same problem. anyway, i'll let him know,

    cheers

  4. #4

    Default Re: file system permissions - paranoid

    From the description in YAST of paranoid setting, it says that paranoid makes it so you have give Xsession permissions to users.

    My guess is when he says he is locked out of the system it is just that he can't start a proper Xsession or at least some of the stuff he wants to do can't run since the priviledges weren't done right

    At least that was the idea I got from reading this part. Especially the bit in bold

    File Permissions: Settings for the permissions of certain system files are set according to the data in /etc/permissions.secure or /etc/permissions.easy. Which file is used depends on this selection. Launching SuSEconfig sets these permissions according to /etc/permissions.*. This fixes files with incorrect permissions, whether this occurred accidentally or by intruders.


    With Easy, most of the system files that are only readable by root in Secure are modified so other users can also read these files. Using Secure, certain system files, such as /var/log/messages, can only be viewed by the user root. Some programs can only be launched by root or by daemons, not by ordinary users. The most secure setting is Paranoid. With it, you must decide which users are able to run X applications and setuid programs

  5. #5
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,731
    Blog Entries
    2

    Default Re: file system permissions - paranoid

    Quote Originally Posted by thestig View Post
    thanks swerdna, i'll let him know. and honestly...it's really not me this time! i did make this mistake when using suse 10.0 though...

    what's the point in it if it stops you doing just about anything? he said it's locked him out of the system, but if i recall when i had suse 10.0 and did this i just couldn't use things like yast, it said permissions on the pw database may be too restrictive or something. doesn't sound like he has the same problem. anyway, i'll let him know,

    cheers
    @thestig: I tried a variation on this theme. I changed to paranoid and tested this simpler way to reverse the setting. Boot the computer and on the initial Grub boot screen type the numeral 1. You will boot to runlevel 1 which is a pure root console session. Authenticate/login as root. Start Xsession by entering startx into the console. That gives full GI access. Open the file /etc/sysconfig/security in your favourite editor and fix the line to:
    PERMISSION_SECURITY="easy local"
    Reboot and you're back.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  6. #6

    Default Re: file system permissions - paranoid

    thanks, i will see him tomorrow i think so will let him know then.

    cheers.

  7. #7
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,731
    Blog Entries
    2

    Default Re: file system permissions - paranoid

    We live and we learn. The simplest way: start in runlevel 1 console. Run startx and use Yast to put it back the way it was.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  8. #8

    Default Re: file system permissions - paranoid

    unfortunately he set a grub password and forgot it (or it won't accept it or something) so i've had to suggest the live disc method to him. hopefully it works, will let you know.

    cheers

  9. #9
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,731
    Blog Entries
    2

    Default Re: file system permissions - paranoid

    Quote Originally Posted by thestig View Post
    unfortunately he set a grub password and forgot it (or it won't accept it or something) so i've had to suggest the live disc method to him. hopefully it works, will let you know.

    cheers
    Chuckle.....
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •