Page MenuHomeSolus
Create Task
Maniphest T10560

permissions for /root are too lax
Closed, ResolvedPublicBUG
Actions

Description

I have a system where I didn't run updates for about 4 weeks. I installed all available updates as of today and recognized that permissions of /root were changed.
Before the update they definitely were 0700 (on my system), afterwards they were 0755. helium and TracyC confirmed that they have the same lax permissions.

While I cannot tell whether that 0755 might have always been the default on Solus (and only I changed it to 0700 myself in the past), I think /root should 0700.

I'm running Budgie on stable (but I think that shouldn't matter for this issue).

Revisions and Commits

R419 baselayout
R419:20797d16671c baselayout: chmod 0770 /root (instead of 0755)

Related Objects

Event Timeline

leapfog created this task.Jun 21 2023, 4:14 PM
Herald edited projects, added Lacks Project; removed Triage Team. · View Herald TranscriptJun 21 2023, 4:14 PM
TClark77 added a subscriber: TClark77.Jun 21 2023, 4:38 PM
TClark77 added a comment.Jun 21 2023, 4:49 PM

The last change to how Solus sets directory permissions was made in 2018, so this probably wasn't caused by an update
The permissions are set in baselayout/actions.py
https://dev.getsol.us/source/baselayout/history/master/actions.py

From what I can find there is no standard for this. Ubuntu uses 700. RedHat and derivatives use 550.

There is another consideration, we recently changed user home directories from 755 to 770 - https://dev.getsol.us/T10379
Would similar reasoning for that change apply here?

TClark77 edited projects, added Plumbing; removed Lacks Project.Jun 21 2023, 4:49 PM
leapfog added a comment.Jun 21 2023, 6:35 PM

It definitely has been changed (on my system) by the update I run today (where btw. baselayout was updated from 1.8.0-64-1-x86_64 to 1.8.0-67-1-x86_64).

One can easily check like this:

# chmod -c og= /root/
mode of '/root/' changed from 0755 (rwxr-xr-x) to 0700 (rwx------)
# eopkg install --reinstall baselayout
[...]
# chmod -c og= /root/
mode of '/root/' changed from 0755 (rwxr-xr-x) to 0700 (rwx------)

While 0770 wouldn't be a problem (as /root/ is root:root), others shouldn't be able to have any access to /root/.

TClark77 added a project: Restricted Project.Jun 21 2023, 8:41 PM
ermo added a subscriber: ermo.EditedJun 22 2023, 3:14 PM

@TClark77

I think we'll want to chmod -Rc 0770 /root during baselayout creation (to be consistent with /home/foo permissions), since it looks like the wrapped mkdir command is indeed using a default umask of 0755 like I idly speculated a day or two ago.

ermo closed this task as Resolved by committing R419:20797d16671c: baselayout: chmod 0770 /root (instead of 0755).Jun 22 2023, 9:47 PM
ermo claimed this task.
ermo added a commit: R419:20797d16671c: baselayout: chmod 0770 /root (instead of 0755).
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.