Patchwork system/permissions: make /root group+others non-writable

Submitter Yann E. MORIN
Date June 22, 2013, 10:22 p.m.
Message ID <1371939752-29205-1-git-send-email-yann.morin.1998@free.fr>
Permalink /patch/253448/
State Accepted
Commit 2f2bf6a800d585ea381e09eec148844a7135ac53

Comments

Yann E. MORIN - June 22, 2013, 10:22 p.m.
From: "Yann E. MORIN" <yann.morin.1998@free.fr>

Upon logging, dropbear whines if /root is group- or others-writable, and
key-based authentication is attempted, reverting to password-based
authentication:
    dropbear[149]: /root must be owned by user or root, and not writable by others
    dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566

On my system, /root was 770. Changing to 700 fixed the issue.

Having /root 700 is a good idea, anyway.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 system/device_table.txt | 1 +
 1 file changed, 1 insertion(+)
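
The fallback shown in the log excerpt above can be spotted after the fact by pairing the two messages on the dropbear PID. This is an added example, not part of the patch or of Buildroot; the syslog prefix, the second session (PID 201) and the function names `sample_log` and `find_keyauth_fallback` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the patch): report dropbear sessions in which the
# home-directory permission warning was followed by a password login.

# Constructed sample: the page's two messages with an assumed syslog prefix,
# plus a made-up session (PID 201) that never triggered the warning.
sample_log() {
    cat <<'EOF'
Jun 22 22:10:01 target dropbear[149]: /root must be owned by user or root, and not writable by others
Jun 22 22:10:04 target dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566
Jun 22 22:15:30 target dropbear[201]: Password auth succeeded for 'root' from 192.168.127.35:41570
EOF
}

# find_keyauth_fallback [FILE...]  (reads stdin when no file is given)
# Prints "PID USER SOURCE DIR" per affected session. PID reuse across
# sessions is not handled; feed it one boot's worth of log at a time.
find_keyauth_fallback() {
    awk '
    BEGIN { q = sprintf("%c", 39) }              # a single quote character
    match($0, /dropbear\[[0-9]+\]:/) {
        pid = substr($0, RSTART + 9, RLENGTH - 11)
        msg = substr($0, RSTART + RLENGTH + 1)   # text after "dropbear[PID]: "
        split(msg, f, " ")
        if (msg ~ / must be owned by user or root, and not writable by others/) {
            warned[pid] = f[1]                   # directory dropbear rejected
        } else if (msg ~ /^Password auth succeeded for / && (pid in warned)) {
            user = f[5]; gsub(q, "", user)       # strip the quotes around USER
            print pid, user, f[7], warned[pid]
            delete warned[pid]
        }
    }' "$@"
}

# Demo on the constructed sample.
sample_log | find_keyauth_fallback
```

Only PID 149 is reported; the password login from PID 201 had no preceding permission warning and is left alone.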
Thomas Petazzoni - June 23, 2013, 8:08 a.m.
Dear Yann E. MORIN,

On Sun, 23 Jun 2013 00:22:32 +0200, Yann E. MORIN wrote:
> From: "Yann E. MORIN" <yann.morin.1998@free.fr>
> 
> Upon logging, dropbear whines if /root is group- or others-writable, and
> key-based authentication is attempted, reverting to password-based
> authentication:
>     dropbear[149]: /root must be owned by user or root, and not writable by others
>     dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566
> 
> On my system, /root was 770. Changing to 700 fixed the issue.
> 
> Having /root 700 is a good idea, anyway.
> 
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>

Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard - June 24, 2013, 11:56 a.m.
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 Yann> From: "Yann E. MORIN" <yann.morin.1998@free.fr>
 Yann> Upon logging, dropbear whines if /root is group- or others-writable, and
 Yann> key-based authentication is attempted, reverting to password-based
 Yann> authentication:
 Yann>     dropbear[149]: /root must be owned by user or root, and not writable by others
 Yann>     dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566

 Yann> On my system, /root was 770. Changing to 700 fixed the issue.

 Yann> Having /root 700 is a good idea, anyway.

Committed, thanks.

Patch

diff --git a/system/device_table.txt b/system/device_table.txt
index 43c0cfa..7ae4b07 100644
--- a/system/device_table.txt
+++ b/system/device_table.txt
@@ -9,6 +9,7 @@ 
 /dev					d	755	0	0	-	-	-	-	-
 /tmp					d	1777	0	0	-	-	-	-	-
 /etc					d	755	0	0	-	-	-	-	-
+/root					d	700	0	0	-	-	-	-	-
 /home/default				d	755	1000	1000	-	-	-	-	-
 /var/www				d	755	33	33	-	-	-	-	-
 /etc/shadow				f	600	0	0	-	-	-	-	-
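
Review bot: the added `/root` entry gives no hint of why it is 700, and that mode is stricter than the subject line's "non-writable", since it also drops read and search for group and others. Dropbear key-based authentication depends on this directory not being group- or others-writable, per the log lines in the commit message, so consider documenting that dependency next to the entry or in the accompanying documentation so the value is not relaxed back to something like 770 later. Ownership 0:0 on the same line matches the "owned by user or root" half of the dropbear message.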