View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000087Openlinkpublic2007-01-20 16:372008-12-27 01:10
Assigned Tojonli447 
PlatformOSOS Version
Summary0000087: /etc/profile permissions
DescriptionOn the default LinkStation image, /etc/profile is not executable by regular users. When logging in using a non-root account an error occurs when trying to source the system profile.

su - postgres
sh: /etc/profile: Permission denied
Additional Information/etc/profile default permissions:
-rwx---- 1 root root /etc/profile

Should be something like:
-rwxr-xr-x 1 root root /etc/profile
TagsNo tags attached.
Openlink PlatformGL (arm9)
Attached Files

- Relationships

-  Notes
jonli447 (developer)
2007-01-26 02:41

Why do non-root accounts need to access /etc/profile? The box should be restrictive because it may be used to offer services to the open internet. Allowing all accounts to access /etc/profile may pose a security issue.

Please let us know the reasons why you believe /etc/profile should be world readable.

armstation (reporter)
2007-01-27 12:19

I should have explained this better.

The default LinkStation image only allows read-execute (and write) to the root user. (mode 700).

In addition to those permissions, there should be just read access allowed for other users (mode 644).

This is important when additional users need to be added. For instance if you create a database user and use that account to setup a database, this user will not be able to source /etc/profile. Only root should be able to write to /etc/profile, but all users should be able to read it.

I don't see any security issue as long as it is just read-only, not write access.

Consider the default Ubuntu /etc/profile permissions (644):
-rw-r--r-- 1 root root 369 2006-10-25 08:26 /etc/profile
jonli447 (developer)
2007-02-17 00:46

Changes will be implemented in the next release.

- Issue History
Date Modified Username Field Change
2007-01-20 16:37 armstation New Issue
2007-01-26 02:41 jonli447 Note Added: 0000014
2007-01-26 02:41 jonli447 Assigned To => jonli447
2007-01-26 02:41 jonli447 Status new => feedback
2007-01-27 12:19 armstation Note Added: 0000016
2007-02-12 17:00 jonli447 Status feedback => acknowledged
2007-02-17 00:46 jonli447 Note Added: 0000027
2007-02-17 00:46 jonli447 Status acknowledged => confirmed
2007-08-08 16:10 Uzume Note Added: 0000056
2007-08-08 16:10 Uzume Note Deleted: 0000056
2008-12-27 01:08 sungod Openlink Platform => GL (arm9)
2008-12-27 01:10 sungod Project @25@ => Openlink

Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker