RE: [newbie] [Blondes protection] Linux Pitfalls.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Lyvim Xaphir
> Sent: Wednesday, September 01, 2004 1:19 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [newbie] [Blondes protection] Linux Pitfalls.
>
>
> On Wed, 2004-09-01 at 07:31, Tony S. Sykes wrote:
> >
> > I have, on a production server at work. With the unix guru
> > sat on my shoulder and he let me su and then rm *.
>
> So evidently you were not held culpable. (??)
>
> LX
>

Wrong, I was, but they didn't complain much as I did have the unix guru sat next to me. It's funny as we didn't use root very often to stop this kind of thing happening, so when I su'd to root I forgot that it put me in the root file system and just carried on with my rm command for the original directory. Needless to say after that root was only allowed for the real internal sysadmin. The tales that can be told by root access on customers' servers by my company's staff.

-+-+-+-+-+-+-+-+-+ Business Computer Projects - Disclaimer -+-+-+-+-+-+-+-+-+-

This message, and any associated attachment is confidential. If you have received it in error, please delete it from your system, do not use or disclose the information in any way, and notify either the sender or [EMAIL PROTECTED] immediately. The contents of this message may contain personal views which are not necessarily the views of Business Computer Projects Ltd., unless specifically stated. Whilst every effort has been made to ensure that emails and their attachments are virus free, it is the responsibility of the recipient(s) to verify the integrity of such emails.

Business Computer Projects Ltd
BCP House
151 Charles Street
Stockport
Cheshire
SK1 3JY
Tel: +44 (0)161 355-3000
Fax: +44 (0)161 355-3001
Web: http://www.bcpsoftware.com

Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
Re: [newbie] [Blondes protection] Linux Pitfalls.
Lyvim Xaphir wrote:
> On Wed, 2004-09-01 at 07:31, Tony S. Sykes wrote:
> > I have, on a production server at work. With the unix guru sat on my shoulder and he let me su and then rm *.
>
> So evidently you were not held culpable. (??)

Nein, wir habe es nicht gewusst, i only did what i was told to do. :P
RE: [newbie] [Blondes protection] Linux Pitfalls.
On Wed, 2004-09-01 at 07:31, Tony S. Sykes wrote:
>
> I have, on a production server at work. With the unix guru sat on my shoulder and he
> let me su and then rm *.

So evidently you were not held culpable. (??)

LX
Re: [newbie] [Blondes protection] Linux Pitfalls.
Tony S. Sykes wrote:
> > > (i also made stupid typos like "chmod +spermbackup.sh", but this aside)
> >
> > lmao
> >
> > > I'm wondering how many pitfalls there are that one should be very cautious for and if one does fall in, how it can be restored.
> >
> > The worst one I've ever done was what you did, but I did it worse because I was at /. (!)
> >
> > So I lost the perms for the entire filesystem. Fortunately I've never been at root and done anything like rm -rf. Knock on wood. :)
> >
> > LX
>
> I have, on a production server at work. With the unix guru sat on my shoulder and he let me su and then rm *.

You know, I wonder why these commands can be executed blindly.

It's plain simple to drop the command in a separate subfolder in the binfolder (outside the path environment) and replace the bin version for a script. It's also fairly easy to detect whether a person is currently on the root path and if he uses a global command and even if the command has to be executed recursively upon child-folders.

I'm currently not in the position to figure a bash or csh script from the back of my head (still learning!), but there can still be done nuff against fool-action. As it may be well protected against the big bad mean outside world, it's not as well protected from the dumb user itself. Don't say "Don't use root account unless you know what you are doing" but catch critical events and make the user notice he / she might be executing a big mistake.

AKA (it's not a good script, but it gives the idea, i think someone else might be much better in translating what i mean)

    # warn when the current user is root
    if [ "$(whoami)" = 'root' ]; then
        echo "You are going to execute this command as root in a dangerous way, sure to continue?"
        printf '%s\n' "your action will affect all files on your Linux system" \
            " and some components may not be working properly anymore" \
            " after the action is done."
    fi
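Added example, not part of the original message and not an existing tool: one way to build the check described above (root, working at /, a glob that has expanded to top-level names, optionally recursive) as a POSIX shell wrapper that asks for a typed YES. The names is_risky and guarded, the GUARD_UID/GUARD_PWD overrides and the list of top-level directories are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm before root runs rm/chmod/chown on top-level paths.
# is_risky, guarded, GUARD_UID and GUARD_PWD are hypothetical names.

# is_risky CMD ARGS...
# Succeeds and prints a reason when root targets / or a top-level directory.
# The shell has already expanded "*" by now, so we inspect the resulting names.
is_risky() {
    uid=${GUARD_UID:-$(id -u)}     # overrides exist only so this can be tested
    cwd=${GUARD_PWD:-$PWD}
    [ "$uid" -eq 0 ] || return 1   # ordinary users are stopped by permissions
    shift                          # drop the command name
    recursive='' hit=''
    for arg in "$@"; do
        case $arg in
            --recursive)  recursive=' recursively'; continue ;;
            --*)          continue ;;
            -*[rR]*)      recursive=' recursively'; continue ;;
            -*|+*)        continue ;;           # other options, chmod modes
            /*)           path=$arg ;;
            *)            path=${cwd%/}/$arg ;; # relative name, resolved against cwd
        esac
        case $path in
            /|/bin|/boot|/dev|/etc|/home|/lib|/root|/sbin|/usr|/var) hit=$path ;;
        esac
    done
    [ -n "$hit" ] || return 1
    echo "this would change $hit$recursive"
}

# guarded CMD ARGS... : ask for a typed YES before a risky call, then run it.
guarded() {
    if reason=$(is_risky "$@"); then
        printf 'root in %s: %s\n%s\nType YES to continue: ' \
            "${GUARD_PWD:-$PWD}" "$*" "$reason" >&2
        read -r answer || answer=''
        [ "$answer" = YES ] || { echo 'aborted' >&2; return 1; }
    fi
    command "$@"
}

# For root's interactive shell only (scripts keep calling the real binaries):
#   alias rm='guarded rm' chmod='guarded chmod' chown='guarded chown'
```

A chmod mode such as -r is read as a recursive flag here, which only changes the wording of the prompt, not whether it appears.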
RE: [newbie] [Blondes protection] Linux Pitfalls.
> > (i also made stupid typos like "chmod +spermbackup.sh", but this
> > aside)
>
> lmao
>
> >
> > I'm wondering how many pitfalls there are that one should be very
> > cautious for and if one does fall in, how it can be restored.
>
> The worst one I've ever done was what you did, but I did it worse
> because I was at /. (!)
>
> So I lost the perms for the entire filesystem. Fortunately I've never
> been at root and done anything like rm -rf. Knock on wood. :)
>
> LX
>
>

I have, on a production server at work. With the unix guru sat on my shoulder and he let me su and then rm *.
Re: [newbie] [Blondes protection] Linux Pitfalls.
On Wed, 2004-09-01 at 06:55, Vincent Voois wrote:
> We've been talking about Linux security issues... i'm just wondering
> how many fool-traps are in there and how they can be
> recovered, i mention one:
>
> -bash-2.05b$ su
> Password:
> [EMAIL PROTECTED] /]#
> [EMAIL PROTECTED] /]# chmod +444 -R *
>
>
> If anybody can see what is going on... i just changed all
> file-permissions to read-only on all files from the root.
> I was fortunate enough to do it in one of the var subfolders so i
> could quickly restore the damage i had done.
>
> I found this neat script that offers you to backup a file-permission
> state of the paths you supply, but it's a disaster
> recovery method and not a prevention tool against typos:

Looks good. :) However this problem has happened before with many others here (ahem) and I think that MDK will partially fix this if you use msec. Last time I used msec, I think it had some drawbacks for this problem, such as it would not restore permissions for non-system-related stuff. Which would make your script superior for this kind of thing, so I will definitely save this script for a deeper later look.

> (i also made stupid typos like "chmod +spermbackup.sh", but this
> aside)

lmao

>
> I'm wondering how many pitfalls there are that one should be very
> cautious for and if one does fall in, how it can be restored.

The worst one I've ever done was what you did, but I did it worse because I was at /. (!)

So I lost the perms for the entire filesystem. Fortunately I've never been at root and done anything like rm -rf. Knock on wood. :)

LX
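Added example, not the script referred to in the quoted message (that script is not reproduced in this thread): a way to record mode and ownership for a directory tree before a risky change and put back only what differs afterwards. perm_snapshot and perm_restore are hypothetical names, and GNU stat (`stat -c`) is assumed.

```shell
#!/bin/sh
# Added example: record mode and ownership under a directory, restore later.
# perm_snapshot and perm_restore are hypothetical names. Needs GNU stat.
# Limits: file names containing newlines or leading/trailing blanks are not
# handled, and ownership can only be restored by root.

# perm_snapshot DIR  -> one "MODE UID:GID PATH" line per entry on stdout
perm_snapshot() {
    # -xdev stays on one filesystem; symlinks are skipped because chmod
    # would follow them to the target.
    find "$1" -xdev ! -type l -exec stat -c '%a %u:%g %n' {} +
}

# perm_restore < SNAPSHOT  -> fixes entries that differ, prints how many
perm_restore() {
    fixed=0
    # Parents are listed before their children, so a directory gets its
    # search bit back before anything inside it is examined.
    while read -r mode owner path; do
        [ -e "$path" ] || continue              # deleted since the snapshot
        changed=no
        if [ "$(stat -c '%u:%g' "$path")" != "$owner" ]; then
            chown "$owner" "$path" && changed=yes
        fi
        # chown can clear setuid/setgid bits, so the mode is checked after it.
        if [ "$(stat -c '%a' "$path")" != "$mode" ]; then
            chmod "$mode" "$path" && changed=yes
        fi
        if [ "$changed" = yes ]; then fixed=$((fixed + 1)); fi
    done
    echo "$fixed"
}

# Typical use, before and after a risky change:
#   perm_snapshot /var/www > /root/www.perms
#   perm_restore < /root/www.perms
```

The snapshot only helps if it is taken before the mistake, so it suits a scheduled job or a step in a change procedure rather than an afterthought.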