HPE Community
Operating System - Linux
1821188 Members
3423 Online
109631 Solutions
New Discussion юеВ

Theory behind mount point permissions

 
Randy Brown_1
Frequent Advisor

тАО01-04-2005 04:08 AM

тАО01-04-2005 04:08 AM

Theory behind mount point permissions

I have always been taught that mount points should be owned by root. This is mainly for reasons of security. I have run into a situation where I am installing a series of machines that contain mount points owned by users other than root with 775 and 777 permissions. This seems very insecure to me. For anyone to be able to write to these filesystems could wreak havoc on the machines. In this configuration, log files could be altered among other things.

I have been looking for something online (google, Sans.org, bugtraq) to help me back up my argument and have not had any luck. Can anyone point me in the direction of information regarding why mount point permissions should(n't) be set in a particular way?

Am I the only one that thinks this is important?

I would appreciate any thoughts and/or comments on this issue.

Thanks in advance!
0 Kudos
Reply
3 REPLIES 3
James Specht
Trusted Contributor

тАО01-04-2005 05:27 AM

тАО01-04-2005 05:27 AM

Re: Theory behind mount point permissions

IMHO, it doesn't matter if it is a mount point or a directory, your permissions should be as secure as possible. One of the systems I admin is an Oracle database server. Now on that box I have the mount point /oracledb owned by root:root with permissions set to 600 before the mount. Once the /oracledb is mounted the permission is changed to oracle:dba and permissions of 750.

Now a directory with 777 is bad...but I do have one. The DBAs want a directory that the database can read and write to and that anyone can write to so they can put their files there. File DO get stepped on but it is the price the DBAs are willing to pay for ease of use.

Hope I was helpful.

--Jim
"Everyone can be taught to sculpt: Michelangelo would have had to be taught how not to. So it is with the great programmers."
0 Kudos
Reply
HGN
Honored Contributor

тАО01-05-2005 07:04 AM

тАО01-05-2005 07:04 AM

Re: Theory behind mount point permissions

Hi

The mount ownership does not matter much but the permissions are very important.Many systems which run oracle have the owner and group of the oracle id for the mount point.

We do not allow 777 permission on any directory or file, the maximum allowed is 755 which is good for the DBA's and developers.

Rgds

HGN
0 Kudos
Reply
John Poff
Honored Contributor

тАО01-05-2005 07:17 AM

тАО01-05-2005 07:17 AM

Re: Theory behind mount point permissions

Hi,

I have been burned before by admins who have left the mountpoint directory owned by non-root users with 777 permissions. When the filesystem isn't mounted they are writing directly to the '/' filesystem, and I have seen it fill up before. It is much better for them to get a permission denied error and then find out with some investigation that a filesystem isn't mounted than for them to fill root, or, as you mentioned, gain write access to key files.

JP
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.