-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set graveyard permissions to 700 by default #20
Comments
IIRC the reasoning to make it world-readable was out of convenience:
often the only other user on a machine is `root`, and it's annoying to
have to `su` just to be able to read stuff on a personal computer. For
a use case where multi-user security is necessary, you probably
1. already have some sort of private directory structure to put the
graveyard under and 2. already have some sort of automated environment
setup to lean on, so it's not much trouble to configure per-user
graveyards. Does that apply to your use case?
|
If the only users on a machine are root and a single user, then As for using a multi-user machine, I still feel that a secure default would be best, as not everyone will realize that others could read their files. A common example would be students using a lab machine at a university. Their home directories are not readable by other users, however everyone will be able to view the files that they've Unless I've overlooked something, I don't see any downsides to this approach. Even if there were something that were inconvenient, I would still personally err on the side of caution and prefer security over ease of use. |
When I This is because by default files that a user, alice, makes have permissions This can be really problematic for ssh key, or other private files. I didn't expect this behavior out of this tool, and I don't expect anyone else would either. By default, I would expect the to have the same visibility that it had before I rypervenches's suggestion would be one way to address that. |
Yeah, the current behavior is definitely concerning. I'll try to find some time to think about this and other maintenance in the near future.
…On 29 May 2021 23:33, blargg ***@***.***> wrote:
When I `rm tmp` it becomes less visible, no one can view it as a file. When I `rip tmp` it becomes more visible, anyone can view it as a file.
This is because by default files that a user, alice, makes have permissions `-rw-r--r-` (anyone can read it), but the user home directory `/home/alice` has permissions `drwx-----`, only alice can view the files inside it.
When alice runs `rip /home/alice/tmp`, tmp moves to `/tmp/graveyard-alice/home/alice/tmp`, but `/tmp/graveyard-alice/home` has permissions `drwxr-xr-x`, anyone on the system can read it. Everyone on the system already had permission to read the file, but now they have permissions to read all the parent directories too.
This can be really problematic for ssh key, or other private files.
I didn't expect this behavior out of this tool, and I don't expect anyone else would either. By default, I would expect the to have the same visibility that it had before I `rip` it.
rypervenches's suggestion would be one way to address that.
|
Thanks. I appreciate that. |
Would this not be the solution |
I know this thread is old, but I've implemented this in my fork of rm-improved: https://github.com/StandingPadAnimations/rip/releases/tag/0.14.0 Let me know if there's any issues |
It would be nice if the default permissions on the graveyard were 700, that way other users wouldn't be able to look at the files inside.
The text was updated successfully, but these errors were encountered: