why are there so many world readable files?

[Pete Nesbitt]

On February 18, 2004 04:41 pm, Chris W. Parker wrote:
> hi.
>
> i was just wondering. why are there so many world readable files
> throughout the linux os? shouldn't a directory like /etc not be readable
> by the world?
>
> the reason i ask is because i setup a cron job that backups up a
> database each night. i noticed that the backup file that was being
> created was 0 bytes so i did some investigation. turns out it's because
> i changed the mysql root password, so i changed it in the file.
>
> but then i realized the file is world readable by default. of course i
> changed it to 750 (maybe it should be 700?) but i don't see why so many
> files are world readable.
>
> someone enlighten me please.
>
>
> thanks,
> chris.


Hi Chris,
There are a lot of files in /etc and other areas that should be accessable by 
regular users. The ones that matter are not readable. 
For example, a script may check for valid user by greping the /etc/passwd 
file, but the passwords are kept in /etc/shadow, which is only readable by 
root.

In a case where you want to automate something you should try and use an 
account with no login shell, and then use key based if possible, or at least 
restrict the file to owner &/or group as required. Sounds like you have done 
that already. Basicly, storing passwords for scripts or programs to use is 
not a good idea if it can be avoided.

Yes there are lots of files that are world readable that don't need to be. So 
you could carefully remove that access, being careful not to break anything, 
but again, the system files that need to be private are not world readable.
-- 
Pete Nesbitt, rhce