#5626 BLOC Update.: Permissions on ~olpc/Activities are too restrictive.
Zarro Boogs per Child
bugtracker at laptop.org
Thu Jan 3 22:06:24 EST 2008
#5626: Permissions on ~olpc/Activities are too restrictive.
----------------------+-----------------------------------------------------
Reporter: cscott | Owner: bernie
Type: defect | Status: assigned
Priority: blocker | Milestone: Update.1
Component: distro | Version:
Resolution: | Keywords: update.1?
Verified: 0 | Blocking:
Blockedby: |
----------------------+-----------------------------------------------------
Comment(by mstone):
As we learned in #5320, this issue is a bit subtle.
Currently, (i.e. while Rainbow runs as root and while the Datastore runs
as uid 500), the important things are that
/home/olpc/.sugar should be rwx by uid 500 and --- by anyone else.
/home/olpc and /home/olpc/Activities should be rwx by uid 500 and r-x by
anyone else.
/home/olpc should contain _no_ world-writable files in directories that
are world-traversable
Any assignment of permissions to files in /home/olpc that is consistent
with these principles is fine by me, though we should probably be careful
to keep SSH happy by locking down .ssh and to keep a tight lid on other
sensitive files.
--
Ticket URL: <http://dev.laptop.org/ticket/5626#comment:4>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
More information about the Bugs
mailing list