I often see users who are trying to solve a problem and have read somewhere, or are simply trying on their own, to recursively chown their home directory, and sometimes even recursively reset permissions to rwxr-xr-x or similar.
Imagine such an owner/permission massacre: are there critical files/directories that need special permissions, or need to be owned by root, for the system to work properly?
Nothing in ~ needs to be owned by root. If some software requires a file in your home directory to be owned by another user, that is a bug and should be reported as such.
Apart from that, a common case involves two security-related pieces of software that require restricted permissions on certain files, namely:
See man ssh, section FILES:
~/.ssh/config
This is the per-user configuration file. The file format and
configuration options are described in ssh_config(5). Because of
the potential for abuse, this file must have strict permissions:
read/write for the user, and not writable by others. It may be
group-writable provided that the group in question contains only
the user.
~/.ssh/identity
~/.ssh/id_dsa
~/.ssh/id_ecdsa
~/.ssh/id_ed25519
~/.ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not accessible
by others (read/write/execute). ssh will simply ignore a
private key file if it is accessible by others. It is possible
to specify a passphrase when generating the key which will be
used to encrypt the sensitive part of this file using 3DES.
Other files (e.g. authorized_keys, known_hosts, etc.) should be writable only by the user but may be world-readable.
~/.gnupg (and its contents) must be accessible only by you. With other permissions, GPG will complain about unsafe permissions.
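As an added example (not part of the original answer), a POSIX shell audit of a home directory against exactly the rules quoted above: world-writable ~/.ssh/config, private keys accessible by others, group/other-writable authorized_keys or known_hosts, and a ~/.gnupg not restricted to the owner. It assumes GNU or BSD stat(1); the helper names mode_of, mode_clear and audit_home are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer: audit a home directory against
# the permission rules quoted above (ssh(1) FILES section and GnuPG).
# Assumes GNU or BSD stat(1); the helper names are hypothetical.

# Octal permission bits of a path, portable across GNU and BSD stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the path is absent or none of the bits in octal mask $2 are set.
# Example masks: 077 = no group/other access, 022 = no group/other write.
mode_clear() {
    [ -e "$1" ] || return 0
    [ $(( 0$(mode_of "$1") & 0$2 )) -eq 0 ]
}

# Audit one home directory; prints one line per finding and returns the
# number of findings (0 means every rule quoted above is satisfied).
audit_home() {
    home=$1; findings=0
    # ~/.ssh/config must not be writable by others (world-write is never allowed).
    if ! mode_clear "$home/.ssh/config" 002; then
        echo "WARN: $home/.ssh/config is world-writable; ssh refuses it"
        findings=$((findings + 1))
    fi
    # Private keys: readable by the user only; ssh ignores keys others can access.
    for k in identity id_dsa id_ecdsa id_ed25519 id_rsa; do
        if ! mode_clear "$home/.ssh/$k" 077; then
            echo "WARN: $home/.ssh/$k is accessible by others; ssh ignores it"
            findings=$((findings + 1))
        fi
    done
    # authorized_keys and known_hosts: world-readable is fine, user-only write.
    for f in authorized_keys known_hosts; do
        if ! mode_clear "$home/.ssh/$f" 022; then
            echo "WARN: $home/.ssh/$f is writable by group or others"
            findings=$((findings + 1))
        fi
    done
    # ~/.gnupg and everything in it: owner-only, otherwise gpg warns.
    for p in "$home/.gnupg" "$home/.gnupg"/*; do
        if ! mode_clear "$p" 077; then
            echo "WARN: $p is accessible by group or others; gpg warns"
            findings=$((findings + 1))
        fi
    done
    return $findings
}
```

Run it as `audit_home "$HOME"`; a non-zero exit status is the number of files that violate one of the rules above.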