Posts Tagged: linux


3
Apr 08

Permissions for home directories

Systems administrators are usually paranoid about remote, anonymous black-hat hackers finding vulnerabilities in their security and then doing malicious acts. What is often disregarded is security against known systems users. Lack of security in this respect can be tolerated for intimate groups with some sort of trust system, but there is no excuse for this when regular users are effectively still anonymous.

I happened to come across a highly recommended and fairly expensive shared web host that missed a very obvious point for systems security: readable home directories.

With shared web hosts, upon completion of the registration process, each registrant is usually granted a system user account with a home directory created using the tool adduser. In a number of UNIX-based distributions (e.g., Debian, Ubuntu, Mac), user directories are created with the permissions 0755 by default. This means that any other user on the system can list a user's home directory, and that every file in it that is world-readable can be read by all of them too. That would be alarming, especially if users are not warned beforehand against storing sensitive data there.

I wrote a (support) ticket to the hosting company regarding this, and told them that home directory permissions should, at the very least, be 0751. But of course. I found a huge database dump of another user with whom I shared my web host, and I am sure as hell I could earn grands selling the IP addresses there, if any. The CEO of the company replied, saying that they were actually aware of the permissions but that there would be problems with Apache and other applications that the users might need if the permissions were changed. Silly excuse. I was also assured that they constantly monitored activity and warned users if they found the users were storing private data that were for everyone to see. What about the database dump I found? I suggested that they make use of user groups, and insisted that they still change the adduser configuration. Finally, he informed me that they were already finding ways to resolve the application requirement issues, and already changed the default setting for adduser.

If the default home directory permissions issue is relevant to you, you might want to take a look at /etc/adduser.conf:

# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0751

Changing the default permissions does not update the permissions of already existing home directories; those have to be changed separately.
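Because existing home directories keep their old mode, they need a separate audit. The following is an added example, not part of the original post: it lists the directories under a base path that other users can still list and clears only the "other: read" bit, so 0755 becomes 0751. The function names are hypothetical, and GNU find and stat (as on Debian and Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit home directories that
# were created before DIR_MODE was changed. Function names are hypothetical;
# GNU find and stat are assumed.

# Print every directory directly under $1 whose "other: read" bit (0004)
# is set, i.e. whose contents any local user can list.
list_browseable_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm -0004 | sort
}

# Clear only the "other: read" bit on those directories. The "other: execute"
# bit is left alone, so a 0755 home becomes 0751 and a web server can still
# traverse into a path it already knows. Homes that are already 0751, 0750
# or 0700 are not touched.
tighten_homes() {
    list_browseable_homes "$1" | while IFS= read -r dir; do
        chmod o-r "$dir"
        printf '%s now %s\n' "$dir" "$(stat -c '%a' "$dir")"
    done
}

# Typical use, as root, once DIR_MODE has been changed:
#   list_browseable_homes /home     # review first
#   tighten_homes /home             # then apply
```

This changes only the home directory itself; world-readable files inside it remain reachable by anyone who knows their full path.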

If you are a web host manager and want to handle the applications being run, investigate user groups.


22
May 07

X in rotated mode

I came across this convenient option a couple of years ago, but I only used it for amusement — a screen that is taller than it is wide is not a common sight. I realized last night, though, that it can be pretty useful if you have a migraine and just want to lie down, but could not let go of an e-book. To those who are not aware of this option yet, check it out by adding the following line in the video card device section of your xorg.conf:

Option "Rotate" "270"

Haha, what is more, you have an electronic notebook that you can pretend is like those paper books you can fold crosswise.


6
Feb 07

UI modifications

I have generally been busy lately, but I was able to do a bit of tinkering with my relatively fresh system:

  1. Desktop wallpaper. I recently realized that bright desktop wallpapers actually make me happy, so I replaced the plain dark-blue background I have had for quite some time with the wallpaper that I used and loved two or three years ago.
  2. IceWM theme. I tweaked my IceWM settings to have things close to how my Gnome user interface was before. The theme is not yet done, but I have a screenshot uploaded for those who want a little peek.
  3. xterm and Unicode. Because I read from this page that, apparently:

    The xterm version that comes with XFree86 4.0 or higher (maintained by Thomas Dickey) includes UTF-8 support.

  4. imagemagick and Print Screen key. I set up xbindkeys so I can grab a screenshot by just pressing the Print Screen key.

Back to work.


11
Nov 06

WTF console font

Slightly WTF:

consolechars -f t850b

14
Sep 06

TODO list syntax-highlighting for nano

Until a couple of weeks ago, I never used nano except to make minor modifications to files. I was setting up the new server for CERSA from the base Debian system, and since nano was among the few more friendly text editors already included, it occurred to me to try the program out.

The first thing that I had to do for migration from the current server to the new server was to, of course, prepare a detailed TODO list. To keep this list from looking cluttered, I put together a simple syntax-highlighting system. Below is a bit from the nanorc file I worked with:

syntax "todo" "^TODO"
color brightblack "^[^ <>\t\n]+"
color brightcyan start="^[ \t]*>[ \t]*" end="$"
color cyan start="^[ \t]*<[ \t]*" end="$"
color brightgreen start="^[ \t]*-[ \t]*" end="$"
color green start="^[ \t]*\+[ \t]*" end="$"
color red "TODO"

nano is pretty straight-forward, and that makes it really cool too.