* [Buildroot] [PATCH] system/permissions: make /root group+others non-writable
From: Yann E. MORIN @ 2013-06-22 22:22 UTC
To: buildroot
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Upon logging, dropbear whines if /root is group- or others-writable, and
key-based authentication is attempted, reverting to password-based
authentication:
dropbear[149]: /root must be owned by user or root, and not writable by others
dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566
On my system, /root was 770. Changing to 700 fixed the issue.
Having /root 700 is a good idea, anyway.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
system/device_table.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/system/device_table.txt b/system/device_table.txt
index 43c0cfa..7ae4b07 100644
--- a/system/device_table.txt
+++ b/system/device_table.txt
@@ -9,6 +9,7 @@
/dev d 755 0 0 - - - - -
/tmp d 1777 0 0 - - - - -
/etc d 755 0 0 - - - - -
+/root d 700 0 0 - - - - -
/home/default d 755 1000 1000 - - - - -
/var/www d 755 33 33 - - - - -
/etc/shadow f 600 0 0 - - - - -
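Review bot: the added "/root d 700 0 0" entry is stricter than the subject line says. The subject promises only "group+others non-writable", which 755 or 750 would also satisfy, while 700 additionally removes read and search access for group and others. The commit message hints at this ("Having /root 700 is a good idea, anyway"), but the subject should say that /root is made private to root, so the log matches the mode actually set. A one-line comment above the entry naming the dropbear key-authentication check would also keep a later cleanup from loosening the mode back to 755-style defaults like the neighbouring /etc and /home/default lines.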
--
1.8.1.2
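A static check for the condition this patch fixes, as an added example that is not part of the original message or of Buildroot. It parses device-table text and reports when the entry for a home directory is missing or has a mode that is group- or others-writable, which is the condition the commit message describes. The function names and the sample tables are assumptions constructed from the lines in the hunk above.

```python
# Added example (not Buildroot code): static audit of a makedevs-style device table.
# Columns: <name> <type> <mode> <uid> <gid> <major> <minor> <start> <inc> <count>

# Constructed sample tables, built from the lines visible in the hunk above.
TABLE_BEFORE = """\
/tmp d 1777 0 0 - - - - -
/etc d 755 0 0 - - - - -
/home/default d 755 1000 1000 - - - - -
/etc/shadow f 600 0 0 - - - - -
"""
TABLE_AFTER = TABLE_BEFORE + "/root d 700 0 0 - - - - -\n"
TABLE_LOOSE = TABLE_BEFORE + "/root d 770 0 0 - - - - -\n"  # mode reported in the message


def parse_device_table(text):
    """Yield (name, type, mode, uid, gid) for every non-comment entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"malformed device table line: {raw!r}")
        name, ftype, mode, uid, gid = fields[:5]
        yield name, ftype, int(mode, 8), int(uid), int(gid)


def audit_home(text, path="/root", owner_uid=0):
    """Return findings for the home directory `path`; an empty list means OK."""
    entries = [e for e in parse_device_table(text) if e[0] == path]
    if not entries:
        return [f"{path}: no entry, mode is not pinned by the device table"]
    findings = []
    for name, ftype, mode, uid, _gid in entries:
        if ftype != "d":
            findings.append(f"{name}: type {ftype!r}, expected a directory")
        if uid not in (owner_uid, 0):
            findings.append(f"{name}: owned by uid {uid}, expected {owner_uid} or 0")
        if mode & 0o022:  # group-write or others-write bit set
            findings.append(f"{name}: mode {mode:o} is group- or others-writable")
    return findings


if __name__ == "__main__":
    for label, table in (("before", TABLE_BEFORE), ("770", TABLE_LOOSE), ("after", TABLE_AFTER)):
        print(label, audit_home(table) or "OK")
```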
From: Thomas Petazzoni @ 2013-06-23 8:08 UTC
To: buildroot
Dear Yann E. MORIN,
On Sun, 23 Jun 2013 00:22:32 +0200, Yann E. MORIN wrote:
> From: "Yann E. MORIN" <yann.morin.1998@free.fr>
>
> Upon logging, dropbear whines if /root is group- or others-writable, and
> key-based authentication is attempted, reverting to password-based
> authentication:
> dropbear[149]: /root must be owned by user or root, and not writable by others
> dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566
>
> On my system, /root was 770. Changing to 700 fixed the issue.
>
> Having /root 700 is a good idea, anyway.
>
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
From: Peter Korsgaard @ 2013-06-24 11:56 UTC
To: buildroot
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:
Yann> From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Yann> Upon logging, dropbear whines if /root is group- or others-writable, and
Yann> key-based authentication is attempted, reverting to password-based
Yann> authentication:
Yann> dropbear[149]: /root must be owned by user or root, and not writable by others
Yann> dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566
Yann> On my system, /root was 770. Changing to 700 fixed the issue.
Yann> Having /root 700 is a good idea, anyway.
Committed, thanks.
--
Bye, Peter Korsgaard