List: scap-security-guide
Subject: Definition of 'files/directories'' with regard to permissions
From: rsanders () TrustedCS ! com (Robert Sanders)
Date: 2012-11-28 21:44:04
Message-ID: 848FB1215E2AD643A5E10D906091D3FB558B0A () TCSEXCH1 ! tcs-sec ! com
>
> Files are not directories. Their permissions must be
> different because they have different meanings. I think it's
> safe to say that if a file in /etc/skel needs to be world
> readable, then any subdirectory should be world readable and
> searchable.
>
> Steve
>
I agree with your take on the intent. I'd always been taught that 'everything' is a
file in *nix, just that some files are more special than others :), using the higher
order bits of the mode to indicate what kind of 'special'.

Looking at the benchmark I wasn't sure if the id used to collect the files in
/etc/skel (oval:mil.disa.fso.rhel.obj:13300) distinguished between regular files and
directories. This same object is used for checking the owner/group restrictions as
well as the permissions. GEN001820 (allowed user owners) explicitly calls out for
checking directories, whereas GEN001830 (allowed group owner) just references the
files themselves. I don't have a box up right now with the SCC checker running to
see what happens to either man pages (except that I don't see GEN001280 in the
benchmark) or if KDE is installed.
-Rob
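
The distinction discussed in this thread, as an added example that is not part of the original message or of the benchmark: a checker that reads the file type from the high-order bits of the mode and applies a separate permission ceiling to directories (read implies search). The 0o644 file ceiling and the sample tree are assumptions constructed for illustration, not values taken from the STIG rules.

```python
import os
import stat
import tempfile

def dir_ceiling(file_ceiling):
    # Wherever the file ceiling grants read, a directory also needs search (x).
    return file_ceiling | ((file_ceiling & 0o444) >> 2)

def kind(mode):
    # The file type lives in the high-order bits of st_mode, above the permissions.
    fmt = stat.S_IFMT(mode)
    return {stat.S_IFREG: "regular", stat.S_IFDIR: "directory",
            stat.S_IFLNK: "symlink"}.get(fmt, "other")

def audit(root, file_ceiling=0o644, type_aware=True):
    """Return {relative path: excess permission bits} for entries over their ceiling."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            k = kind(st.st_mode)
            if k not in ("regular", "directory"):
                continue                 # symlink modes are not meaningful on Linux
            ceiling = file_ceiling
            if type_aware and k == "directory":
                ceiling = dir_ceiling(file_ceiling)
            excess = stat.S_IMODE(st.st_mode) & ~ceiling
            if excess:
                findings[os.path.relpath(path, root)] = excess
    return findings

def build_sample(root):
    # Constructed sample tree standing in for /etc/skel.
    layout = {".bashrc": 0o644, ".netrc": 0o666, ".config": 0o755, ".cache": 0o777}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        if name in (".config", ".cache"):
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)             # set explicitly so umask does not interfere

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit(root, type_aware=True), audit(root, type_aware=False)

if __name__ == "__main__":
    aware, blind = demo()
    print("type-aware:", {p: oct(m) for p, m in aware.items()})
    print("type-blind:", {p: oct(m) for p, m in blind.items()})
```

With type_aware=False, the 0755 directory is reported for its search bits, which is the false positive a collection object produces when it does not separate directories from regular files.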