我使 /usr/local/ 全世界可写，这样安全吗？

Question

这是我的系统的列表 /usr/local/

$ ls -lR /usr/local
/usr/local:
total 32
drwxr-xr-x 2 root root 4096 okt  7 09:33 bin
drwxr-xr-x 2 root root 4096 okt  7 09:33 etc
drwxr-xr-x 2 root root 4096 okt  7 09:33 games
drwxr-xr-x 2 root root 4096 okt  7 09:33 include
drwxr-xr-x 4 root root 4096 okt  7 09:38 lib
lrwxrwxrwx 1 root root    9 okt  7 22:15 man -> share/man
drwxr-xr-x 2 root root 4096 okt  7 09:33 sbin
drwxr-xr-x 8 root root 4096 okt 15 15:13 share
drwxr-xr-x 2 root root 4096 okt  7 09:33 src

/usr/local/lib:
total 8
drwxrwsr-x 4 root staff 4096 okt  7 09:43 python2.7
drwxrwsr-x 3 root staff 4096 okt  7 09:33 python3.5

/usr/local/lib/python2.7:
total 8
drwxrwsr-x 2 root staff 4096 okt  7 09:38 dist-packages
drwxrwsr-x 2 root staff 4096 okt  7 09:43 site-packages


/usr/local/lib/python3.5:
total 4
drwxrwsr-x 2 root staff 4096 okt  7 09:33 dist-packages


/usr/local/share:
total 24
drwxr-xr-x 2 root root  4096 okt  7 09:43 ca-certificates
drwxrwsr-x 3 root staff 4096 okt  7 09:42 emacs
drwxrwsr-x 2 root staff 4096 okt  7 09:43 fonts
drwxr-xr-x 2 root root  4096 okt  7 09:33 man
drwxrwsr-x 7 root staff 4096 okt  7 09:42 sgml
drwxrwsr-x 6 root staff 4096 okt 15 15:13 xml


/usr/local/share/emacs:
total 4
drwxrwsr-x 2 root staff 4096 okt  7 09:42 site-lisp


/usr/local/share/sgml:
total 20
drwxrwsr-x 2 root staff 4096 okt  7 09:42 declaration
drwxrwsr-x 2 root staff 4096 okt  7 09:42 dtd
drwxrwsr-x 2 root staff 4096 okt  7 09:42 entities
drwxrwsr-x 2 root staff 4096 okt  7 09:42 misc
drwxrwsr-x 2 root staff 4096 okt  7 09:42 stylesheet


/usr/local/share/xml:
total 16
drwxrwsr-x 2 root staff 4096 okt 15 15:13 declaration
drwxrwsr-x 2 root staff 4096 okt 15 15:13 entities
drwxrwsr-x 2 root staff 4096 okt 15 15:13 misc
drwxrwsr-x 2 root staff 4096 okt 15 15:13 schema

要修复 /usr/local/，请发出以下命令：

cd /usr/local/
chmod 755 *
chmod 777 man
cd /usr/local/lib/
chmod 775 *
chmod g+s *
chmod g+s python2.7/*
chmod g+s python3.5/*
cd /usr/local/share/
chmod 755 *
chmod 775 emacs fonts sgml xml
chmod g+s emacs fonts sgml xml
chmod 775 emacs/*
chmod g+s emacs/*
chmod 775 sgml/*
chmod g+s sgml/*

就应该这样。

g+s 设置 SGID 位（组粘性）
775 = 读写x接收
755 = rwx rx rs

Answer 1

这是我的系统的列表 /usr/local/

$ ls -lR /usr/local
/usr/local:
total 32
drwxr-xr-x 2 root root 4096 okt  7 09:33 bin
drwxr-xr-x 2 root root 4096 okt  7 09:33 etc
drwxr-xr-x 2 root root 4096 okt  7 09:33 games
drwxr-xr-x 2 root root 4096 okt  7 09:33 include
drwxr-xr-x 4 root root 4096 okt  7 09:38 lib
lrwxrwxrwx 1 root root    9 okt  7 22:15 man -> share/man
drwxr-xr-x 2 root root 4096 okt  7 09:33 sbin
drwxr-xr-x 8 root root 4096 okt 15 15:13 share
drwxr-xr-x 2 root root 4096 okt  7 09:33 src

/usr/local/lib:
total 8
drwxrwsr-x 4 root staff 4096 okt  7 09:43 python2.7
drwxrwsr-x 3 root staff 4096 okt  7 09:33 python3.5

/usr/local/lib/python2.7:
total 8
drwxrwsr-x 2 root staff 4096 okt  7 09:38 dist-packages
drwxrwsr-x 2 root staff 4096 okt  7 09:43 site-packages


/usr/local/lib/python3.5:
total 4
drwxrwsr-x 2 root staff 4096 okt  7 09:33 dist-packages


/usr/local/share:
total 24
drwxr-xr-x 2 root root  4096 okt  7 09:43 ca-certificates
drwxrwsr-x 3 root staff 4096 okt  7 09:42 emacs
drwxrwsr-x 2 root staff 4096 okt  7 09:43 fonts
drwxr-xr-x 2 root root  4096 okt  7 09:33 man
drwxrwsr-x 7 root staff 4096 okt  7 09:42 sgml
drwxrwsr-x 6 root staff 4096 okt 15 15:13 xml


/usr/local/share/emacs:
total 4
drwxrwsr-x 2 root staff 4096 okt  7 09:42 site-lisp


/usr/local/share/sgml:
total 20
drwxrwsr-x 2 root staff 4096 okt  7 09:42 declaration
drwxrwsr-x 2 root staff 4096 okt  7 09:42 dtd
drwxrwsr-x 2 root staff 4096 okt  7 09:42 entities
drwxrwsr-x 2 root staff 4096 okt  7 09:42 misc
drwxrwsr-x 2 root staff 4096 okt  7 09:42 stylesheet


/usr/local/share/xml:
total 16
drwxrwsr-x 2 root staff 4096 okt 15 15:13 declaration
drwxrwsr-x 2 root staff 4096 okt 15 15:13 entities
drwxrwsr-x 2 root staff 4096 okt 15 15:13 misc
drwxrwsr-x 2 root staff 4096 okt 15 15:13 schema

要修复 /usr/local/，请发出以下命令：

cd /usr/local/
chmod 755 *
chmod 777 man
cd /usr/local/lib/
chmod 775 *
chmod g+s *
chmod g+s python2.7/*
chmod g+s python3.5/*
cd /usr/local/share/
chmod 755 *
chmod 775 emacs fonts sgml xml
chmod g+s emacs fonts sgml xml
chmod 775 emacs/*
chmod g+s emacs/*
chmod 775 sgml/*
chmod g+s sgml/*

就应该这样。

g+s 设置 SGID 位（组粘性）
775 = 读写x接收
755 = rwx rx rs

我使 /usr/local/ 全世界可写，这样安全吗？

答案1

相关内容