Access control based on user, group, or global access.
Questions tagged [permissions]
260 questions
17 votes, 3 answers
Is hacking legal when a friend allows you to attempt to hack their system?
So I've begun learning to penetration test and I want to try it on a real system (apart from my own), and so I have asked a friend if I can hack their computer. He is as interested as I am in the subject of computing and has agreed. I'm just…
Shadow
8 votes, 4 answers
SUID Scripts vulnerability
In this article, it says that this C-shell script:
#!/bin/csh -b
set user = $1
passwd $user
With these permissions:
-rwsr-x--- 1 root helpdesk
Is vulnerable because one can manipulate env variables, like:
env TERM='`cp /bin/sh…
JohnnyH
5 votes, 1 answer
Should I use sudo with the normal user or root or sudo with another user?
On a UNIX OS, e.g. OpenBSD (used as a desktop by me only), which one is the best choice with regard to security? I want to run desktop operations (like pkg_add) with root permissions.
1. having the root user and using it with su - root
2. having…
newuser999
4 votes, 2 answers
Local admin permissions for MMC
Do I really need local admin permissions on my own laptop in order to access MMC to check/verify things like asset ownership for a certain object, group structure, etc.?
On the internet I found contradicting information, so I was wondering if there…
Wh0V1an
2 votes, 0 answers
Is it secure to give sitemap.xml 777 permission?
One of my colleagues told me to change the permissions of the sitemap.xml to 777 by using chmod 0777. Is this secure?
The sitemap.xml is inside a media folder that our marketing team has access to via FTP. My fear is that they could just change…
Black
2 votes, 2 answers
Personal Information available on shared network drive
Does storing personal staff information (names, addresses, dates of birth) on a shared network drive that allows anonymous and unrestricted access to all staff present a violation of the 7th principle of the data protection act - "To keep…
iainpb
1 vote, 2 answers
How should permissions be stored?
In a system where users have multiple permissions that may overlap (i.e. "Write" might not include "Read" etc.) what is the best way to keep them in the database? Both in terms of security and "readability" (when I want to know if someone has a…
JNF
0 votes, 1 answer
What files would I be able to view as localhost?
If I was able to view any page on a website as localhost using SSRF, what files should I check for? I checked to see if I could view robots.txt normally, and I couldn't, but using SSRF, I was able to. What other files are typical on websites that…
Michael Blake
0 votes, 3 answers
How much faster would computers be if not for security?
I was wondering, assuming a "The Invention of Lying" world, but where no one was able to steal or misrepresent themselves, how much faster would computers be? Just to give two examples of what I mean, there would be no need for user permissions…
ike
0 votes, 1 answer
Helpdesk role and local admins
I need to re-work our current security model for desktop computers, and would like some insight as to what changes can be made as well as best practices.
Currently we have the helpdesk role that is published via GPO to add it to the local admins…
AWippler