[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sudo make install

From: Bob Proulx
Subject: Re: sudo make install
Date: Sat, 18 Apr 2015 13:32:21 -0600
User-agent: Mutt/1.5.23 (2014-03-12)

Michael Heerdegen wrote:
> Bob Proulx writes:
> > Here we are talking about the 'staff' group.  Then the user should
> > have a 'umask 02' setting so that new files are created group writable
> > so that the other members of the group can write them.
> Isn't there a not "missing"?  I.e. user should have a 00 umask, I think.

To the first question I am sorry but I don't understand "missing" in
this context.  I don't think I left a "not" out.

To the second about a 00 umask, no.  That would cause new files
created writable by anyone.  That isn't desirable.

The 'umask 02' is perfect.  Let me walk through examples.

  address@hidden:~$ mkdir /tmp/junk
  address@hidden:~$ chgrp photos /tmp/junk
  address@hidden:~$ chmod g+ws /tmp/junk

I created a directory.  I changed the group to the shared work group.
I made sure the group was group writable, the g+w part.  I made sure
the group was set-group-id, the g+s part.  I combined g+w and g+s into
the g+ws action, group plus writable and set-id-group-id.  I use and
recommend the symbolic modes over the old octal modes.  The g+s part
means that new files are created group photos rather than the user's
primary group.  The user must be in group photos in order to have
permissions in the directory to create files there.

  address@hidden:~$ ls -ld /tmp/junk
  drwxrwsr-x 2 rwp photos 4096 Apr 18 13:09 /tmp/junk
  address@hidden:~$ cd /tmp/junk
  address@hidden:/tmp/junk$ umask 077
  address@hidden:/tmp/junk$ date > date077
  address@hidden:/tmp/junk$ ls -l date077
  -rw------- 1 rwp photos 29 Apr 18 13:10 date077

Obviously 077 isn't desirable for group use.  I just put that in there
because I see it often when people are scared and thinking that
supermax-prison-lockdown-mode is best.

  address@hidden:/tmp/junk$ umask 022
  address@hidden:/tmp/junk$ date > date022
  address@hidden:/tmp/junk$ ls -l date022
  -rw-r--r-- 1 rwp photos 29 Apr 18 13:10 date022

Neither is 022 good because it means that other people working in this
shared photos group can't write the shared files.  The classic Unix
way is that all users are in the same shared 'users' group.  That
caused umask 022 to be used.

  address@hidden:/tmp/junk$ umask 02
  address@hidden:/tmp/junk$ date > date02
  address@hidden:/tmp/junk$ ls -l date02
  -rw-rw-r-- 1 rwp photos 29 Apr 18 13:10 date02

Using 02 is perfect because files are created group writable.  Other
members of the group can work with the same files.  Others not in the
group can't write to those files.  This works great when users are
always in their own private group.  My user rwp is in an rwp group.
My user:group is rwp:rwp on GNU/Linux systems not rwp:users as it was
on the old AT&T System V Unix.  Having rwp:rwp allows me to use a
'umask 02' all of the time.  Users must be in group 'photos' order to
have permission to write the the date02 file.

  address@hidden:/tmp/junk$ umask 0
  address@hidden:/tmp/junk$ date > date0
  address@hidden:/tmp/junk$ ls -l date0
  -rw-rw-rw- 1 rwp photos 29 Apr 18 13:10 date0

Using 'umask 0' means files are writable by 'other'.  (In the "user",
"group", "other" classifications.)  That isn't good.  Let's say a
Wordpress PHP installation is running in the standard WP way, is
cracked, and an attacking 'www-data' process tries to write to files.
It could write to such a file that is writable by other.  If it
weren't for the 'other' write permission then that file would have
been perfectly safe from the attack.  If none of the files on the
system are writable by other then it provides a security layer against
attacking processes.  (Obviously some things such as /tmp must be
writable by other.  But the +t bit limits attacks there.)

'rwp' is in the 'photos' group as a secondary group and therefore has
permissions on files there.

  address@hidden:/tmp/junk$ id
  uid=1000(rwp) gid=1000(rwp) 

I used 'photos' as an example in the above because I was hoping an
alternate use would come at things from a different angle and be
useful.  People might see the utility of UPG better.  But it is the
same as working with 'staff' in the /usr/local directory tree.

Again, if you are a solo individual working on your own laptop or
whatever then umask doesn't matter.  If you are in group 'staff' then
you would be able to 'make install' and write the files to /usr/local
without root (without sudo, without su) and the files could be written
using a more restrictive 022 umask.  The umask strategy above only
comes into play when there are multiple users needing to share a
working area.

Hope that helps,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]