
List:       scap-security-guide
Subject:    Definition of 'files/directories'' with regard to permissions
From:       rsanders () TrustedCS ! com (Robert Sanders)
Date:       2012-11-28 21:44:04
Message-ID: 848FB1215E2AD643A5E10D906091D3FB558B0A () TCSEXCH1 ! tcs-sec ! com

 

> 
> Files are not directories. Their permissions must be 
> different because they have different meanings. I think it's 
> safe to say that if a file in /etc/skel needs to be world 
> readable, then any subdirectory should be world readable and 
> searchable.
> 
> Steve
> 

I agree with your take on the intent.  I'd always been taught that 'everything' is a file in *nix, just that some files are more special than others :), using the higher order bits of the mode to indicate what kind of 'special'.

Looking at the benchmark I wasn't sure if the id used to collect the files in /etc/skel (oval:mil.disa.fso.rhel.obj:13300) distinguished between regular files and directories.  This same object is used for checking the owner/group restrictions as well as the permissions.  GEN001820 (allowed user owners) explicitly calls out for checking directories, whereas GEN001830 (allowed group owner) just references the files themselves.  I don't have a box up right now with the SCC checker running to see what happens to either man pages (except that I don't see GEN001280 in the benchmark) or if KDE is installed.

-Rob
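
The distinction discussed in this thread, as an added example that is not part of the original message or of the benchmark: a permission audit that reads the file type from the high-order bits of `st_mode` and applies a separate limit to directories. The limits 0644 and 0755, the function names and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed limits for this example; the page does not state numeric modes.
FILE_MAX = 0o644  # regular files: world readable, owner writable
DIR_MAX = 0o755   # directories: the same plus search (x) bits

def kind_of(mode):
    """Name the file type held in the high-order bits of st_mode."""
    names = {stat.S_IFREG: "file", stat.S_IFDIR: "dir"}
    return names.get(stat.S_IFMT(mode), "other")

def audit(root, distinguish=True):
    """Return sorted (relative path, kind, perms) for entries over their limit.

    With distinguish=False every entry is held to FILE_MAX, which is what
    a collector that does not separate directories would do.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            kind = kind_of(st.st_mode)
            if kind == "other":
                continue  # symlinks, devices, sockets: out of scope here
            limit = DIR_MAX if (kind == "dir" and distinguish) else FILE_MAX
            perms = stat.S_IMODE(st.st_mode)
            if perms & ~limit:  # any bit set beyond the allowed mode
                findings.append((os.path.relpath(path, root), kind, oct(perms)))
    return sorted(findings)

def build_sample():
    """Create a constructed stand-in for /etc/skel in a temp directory."""
    root = tempfile.mkdtemp(prefix="skel-")
    layout = [(".bashrc", "file", 0o644), (".profile", "file", 0o664),
              (".kde", "dir", 0o755), (".kde/share", "dir", 0o775)]
    for rel, kind, mode in layout:
        path = os.path.join(root, rel)
        if kind == "dir":
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root

if __name__ == "__main__":
    sample = build_sample()
    print("by type:      ", audit(sample))
    print("all as files: ", audit(sample, distinguish=False))
```

Held to the file limit, the 0755 `.kde` directory is reported only because of its search bits, which is the false finding a type-blind object would produce.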

