On 07/20/2010 08:20 PM, Stephen Harris wrote: > On Tue, Jul 20, 2010 at 05:45:36PM -0600, Ski Dawg wrote: >> Hello all, >> >> Today, I ran across a directory in /etc/ on one of our servers whose >> permissions where set to 600 (drw-------) with root being the owner. > > Heheheheh. That machine is so broken. Even 0700 would be unbelievably > broken Why? Take a look in /etc, and I promise that you'll find entries that are 0600 and 0700. You might even notice that the permissions on /etc/shadow are unusually restricted. Do you believe the permissions on /etc/shadow are also broken? >> The directory is for the firewall package for the server, so it is not >> something malicious. Checking some other systems, they also have this >> directory and the permissions on those servers is also 600, so it >> isn't just a messed up permissions on this one machine. > > Sounds like some messed up wanna-be security person who doesn't grok Unix. Perhaps I am more charitable. I'm inclined to believe that it's the result of a typo in the installation script that tends to go unnoticed because the root user isn't locked out by the error. > Basically nothing non-root running will work properly on these machines. > And if everything is designed to run as root then the architect has > shown other issues. "root" is the user of last recourse on a properly > managed server. There are some things (setting iptables entries for instance) that only the root user is allowed to do. While daemons should not run as root if they don't need to, these configuration files aren't for a daemon. Furthermore, as authentication can typically only be done by root, you'll find that there are quite a few very secure packages which still run as the root user. Take sshd for instance. It has a nice design that puts a lot of work in a process that doesn't run as root, but the parent process still does.