Boys, this is just a little too heavy. I want to use secure file permissions within OpenSUSE, but having to provide the root password for every window I click is just a little too much. 
Wonder what the setting âparanoidâ does then. And I also wonder how to adjust the safe settings to not get prompted with every single click.
CREATE A ROOT ACC n party every day n rocknroll all nightsrotfl!rotfl!rotfl!rotfl!
Use ls -l to see the permissions of files (list-long). They will appear like this, note that I have added spaces between permissions to make it easier to read:
Where: r = read, w = write, x = execute - rwx rw- r-- 1 newuser newuser
typeownergroupothers
This number is the number of hard links (pointers) to this file. You can use ln to create another hard-link to the file.
This is the type of file. â-â means a regular file, âdâ would mean a directory, âlâ would mean a link. There are also other types such as âcâ for character device and âbâ for block device (found in the /dev/ directory).
These are the permissions for the owner of the file (the user who created the file).
These are the permissions for the group, any users who belong is the same group as the user who created the file will have these permissions.
These are the permissions for everyone else. Any user who is outside the group will have these permissions to the file.
The two names at the end are the username and group respectively.
chmod
Change file access permissions for a file(s).
There are two methods to change permissions using chmod; letters or numbers.
Letters Method:
use a + or - (plus or minus sign) to add or remove permissions for a file respectively. Use an equals sign =, to specify new permissions and remove the old ones for the particular type of user(s).
You can use chmod letter where the letters are:
a (all (everyone)), u (user), g (group) and o (other).
Examples:chmod u+rw somefile
This would give the user read and write permission.
chmod o-rwx somefile
This will remove read/write/execute permissions from other users (doesnât include users within your group).
chmod a+r somefile
This will give everyone read permission for the file.
chmod a=rx somefile
This would give everyone execute and read permission to the file, if anyone had write permission it would be removed.
Numbers Method:
you can also use numbers (instead of letters) to change file permissions. Where:
r (read) = 4 w (write) = 2 x (execute) = 1
Numbers can be added together so you can specify read/write/execute permissions; read+write = 6, read+execute = 5, read+write+execute = 7
Examples:chmod 777 somefile
This would give everyone read/write/execute permission on âthis_fileâ. The first number is user, second is group and third is everyone else (other).
chmod 521 somefile
This would give the user read and execute permission, and the group write permission (but not read permission!) and everyone else execute permission. (Note that itâs just an example, settings like that donât really make senseâŚ).
chown
Changes the ownership rights of a file (hence the name âchownâ - change owner). This program can only be used by root.
Use the -R option to change things recursively, in other words, all matching files including those in subdirectories.
Command syntax:chown owner:group the_file_name
sticky bit
Only the person who created the file within a directory may delete it, even if other people have write permission. You can turn it on by typing: chmod 1700 somedirectory (where 1 = sticky bit)
or (where t represents the sticky bit)chmod +t somedirectory
To turn it off you would need to type:chmod 0700 somefile (where the zero would mean no sticky bit)
or (where t represents the sticky bit)
chmod -t somefile
Note that the permissions arenât relevant in the numbers example, only the first number (1 = on, 0 = off).
An example of a sticky directory is usually /tmp
suid
Allow SUID/SGID (switch user ID/switch group ID) access. You would normally use chmod to turn this on or off for a particular file, suid is generally considered a security hazard so be careful when using this.
Example:chmod u+s file_name
This will give everyone permission to execute the file with the permissions of the user who set the +s switch.
WTF man. Thanks for your copy 'n paste. Please re-read my question again. Using the secure settings within YaST is no problem. Punching the pass every single time is.
OOh im sorry for replying the great mask who can not set file permissions for the files the moron wanna read
rotfl!rotfl!rotfl!rotfl!
Oh and the setting is just another nobody does acctually know anything about it ,but it seems flashy doesnt it
keep smoking
On Tue December 1 2009 12:36 pm, TheMask wrote:
>
> Boys, this is just a little too heavy. I want to use secure file
> permissions within OpenSUSE, but having to provide the root password for
> every window I click is just a little too much.
> Wonder what the setting âparanoidâ does then. And I also wonder how to
> adjust the safe settings to not get prompted with every single click.
>
>
TheMask;
There is information about the various settings in the files:
/etc/permissions.x, where x is one of easy,local,secure,paranoid or blank.
I assume you could alter the values to suit your taste. As for paranoid,
there was a recent post where the OP had set paranoid permissions and locked
himself out of the machine.
P. V.
âWeâre all in this together, Iâm pulling for you.â Red Green
Those are absolutely unacceptable replies. Please spread your rants and crazy âadviceâ elsewhere. Thanks.
That is exactly what I thought. Only thing that gets in trhe way somehow is that OpenSUSE prompts for the pass for every single program. Some advice on a correct altering would be great!
Ack! I knew it. Thanks for warning though⌠
@TheMask -
The particular permissions set used is controlled in /etc/sysconfig/security. How all this works is described in /etc/permissions. Run the YaST /etc/sysconfig Editor and look under System/Security. IIRC the installed default âPermission_Securityâ value is âeasy localâ, which points to the files /etc/permissions.easy and /etc/permissions.local. âEasyâ is intended for a single-user system, âsecureâ for a multi-user/networked environment, and âparanoidâ special cases (definitely not single-user). âLocalâ is an empty template which can be modified if one of the others isnât a good fit. The value of âCheck_Permissionsâ should ordinarily be âsetâ, although âwarnâ and ânoâ are also options.
Having said all that, if you are getting prompted for the root password constantly, then either the permissions setup above is somehow borked, or something else altogether is going on (in which case, sorry to say, I canât be of much help).
On Tue December 1 2009 04:26 pm, TheMask wrote:
>
<snip>
>
> venzkep Wrote:
>> There is information about the various settings in the files:
>> /etc/permissions.x, where x is one of easy,local,secure,paranoid or
>> blank. I assume you could alter the values to suit your taste.
>
> That is exactly what I thought. Only thing that gets in trhe way
> somehow is that OpenSUSE prompts for the pass for every single program.
> Some advice on a correct altering would be great!
>
<snip>
>
TheMask;
There is documentation within the above files. Compare the contents of
permissions.easy and permissions.secure to see whatâs different. I will
confess that it has been a long time (SuSE 9.X) since I played with these.
Have you placed your user in the âtrustedâ group?
It may take a little playing around to get it all right. I would get
a âsandboxâ machine to play with. If you screw things up to badly just
reinstall. I wouldnât suggest playing around with your regular system here
unless you are prepared to reinstall.
Good Luck;
â
P. V.
âWeâre all in this together, Iâm pulling for you.â Red Green
Thanks, I´ll take a look later.
Mh⌠maybe I should consider letting file permission the way they are right now.
Reason is I´m still securing some systems against intruders due to the fact that those are running constantly over night. Thanks though. 
Move your standard ports to higher, different ones. AFAIK youâre free to use all ports above 49152 up till 65635. Change ssh from port 22 to a higher one, change the forwarding on your router accordingly.
I donât see the intruder messages anymore since I moved the http, ftp, ssh ports to other values.
Almost every machine I see suffers from this phenomenon, if default ports are being used.
Interesting. What does that mean? Possibly that intruders tried to get into your OpenSUSE machine through the internet?
Hi
I would assume so, most are scripts running dictionary attacks on things
like ssh open on port 22. The other ones are the windows OS ports like
netbios etcâŚ
You can also see nmap probes on ports < 1024 and then there are the
google bots etc looking for websites, some respect robots.txt some
donât.
â
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.39-0.3-default
up 16:55, 2 users, load average: 0.06, 0.22, 0.21
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18
Probably. There are crackers/crooks that use automated tools to probe IPâs for vulnerabilities. Some focus on the commonly used ports, some do a wide-range random port scan. I secure my network behind a hardware router with a stateful packet firewall. There can be exposure if ports must be left opened for incoming initiated traffic (like ftp or bittorrent), hence the importance of not using the default ports (if possible) and secure software.