| Anonymous | Login | Signup for a new account | 2013-06-19 11:34 UTC |  |
| Main | My View | View Issues |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0000087 | Openlink | public | 2007-01-20 16:37 | 2008-12-27 01:10 | |||||||
| Reporter | armstation | ||||||||||
| Assigned To | jonli447 | ||||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||||
| Status | confirmed | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Summary | 0000087: /etc/profile permissions | ||||||||||
| Description | On the default LinkStation image, /etc/profile is not executable by regular users. When logging in using a non-root account an error occurs when trying to source the system profile. example: su - postgres sh: /etc/profile: Permission denied | ||||||||||
| Additional Information | /etc/profile default permissions: -rwx---- 1 root root /etc/profile Should be something like: -rwxr-xr-x 1 root root /etc/profile | ||||||||||
| Tags | No tags attached. | ||||||||||
| Openlink Platform | GL (arm9) | ||||||||||
| Attached Files | |||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0000014) jonli447 (developer) 2007-01-26 02:41 |
Why do non-root accounts need to access /etc/profile? The box should be restrictive because it may be used to offer services to the open internet. Allowing all accounts to access /etc/profile may pose a security issue. Please let us know the reasons why you believe /etc/profile should be world readable. Thx. |
|
(0000016) armstation (reporter) 2007-01-27 12:19 |
I should have explained this better. The default LinkStation image only allows read-execute (and write) to the root user. (mode 700). In addition to those permissions, there should be just read access allowed for other users (mode 644). This is important when additional users need to be added. For instance if you create a database user and use that account to setup a database, this user will not be able to source /etc/profile. Only root should be able to write to /etc/profile, but all users should be able to read it. I don't see any security issue as long as it is just read-only, not write access. Consider the default Ubuntu /etc/profile permissions (644): -rw-r--r-- 1 root root 369 2006-10-25 08:26 /etc/profile |
|
(0000027) jonli447 (developer) 2007-02-17 00:46 |
Changes will be implemented in the next release. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2007-01-20 16:37 | armstation | New Issue | |
| 2007-01-26 02:41 | jonli447 | Note Added: 0000014 | |
| 2007-01-26 02:41 | jonli447 | Assigned To | => jonli447 |
| 2007-01-26 02:41 | jonli447 | Status | new => feedback |
| 2007-01-27 12:19 | armstation | Note Added: 0000016 | |
| 2007-02-12 17:00 | jonli447 | Status | feedback => acknowledged |
| 2007-02-17 00:46 | jonli447 | Note Added: 0000027 | |
| 2007-02-17 00:46 | jonli447 | Status | acknowledged => confirmed |
| 2007-08-08 16:10 | Uzume | Note Added: 0000056 | |
| 2007-08-08 16:10 | Uzume | Note Deleted: 0000056 | |
| 2008-12-27 01:08 | sungod | Openlink Platform | => GL (arm9) |
| 2008-12-27 01:10 | sungod | Project | @25@ => Openlink |
|
Issue History |
| Copyright © 2000 - 2011 MantisBT Group |
 |