Subj : Re: Lose execute privileges on owner files?
To : comp.os.linux
From : ibuprofin
Date : Thu Sep 30 2004 07:51 pm

In article , RJGraham wrote:

>For example, I have a bash shell script that I chmod to 777.

I give up - why does it have to be world writable? As a general statement, that's a security hole wide enough to fly eight 747s through in line abreast formation.

>Then after a while, I find I can't run this same script because it now
>does not have owner execute privileges (i.e. seems that it has chmod'd to
>677).

Some distributions try to enforce at least a minimal sanity - Red Hat was doing that with one of their proprietary admin tools, but it would have removed the world writable, and not done anything with owner permissions. Mandrake is another one to do this. What are the permissions of the parent directory? Are you allowing everyone to do anything there?

>Unfortunately, I can't narrow down a sequence of events that cause this
>to happen. I'm not touching these files other than to chmod them back to
>777 as required when they get 'flipped'.

Write a dumb script to stat the file, and note the permissions. Have it alarm in some manner (send you mail, write to file - I'd have it include the output of 'w' and 'ps auxw' in whichever alarm you choose) if the permissions change. Have it sleep for N seconds, and repeat. Something like

    while true ; do
        # grep exits 1 when the listing no longer shows -rwxrwxrwx
        ls -l /path/to/file/to/watch | grep -q -- '-rwxrwxrwx'
        if [ $? -eq 1 ] ; then
            # snapshot: directory and file modes, who is logged in, what is running
            OUTFILE=`mktemp /usr/tmp/snapshot.XXXXXXX`
            ls -ld /path/to/file/to > "$OUTFILE"
            ls -l /path/to/file/to/watch >> "$OUTFILE"
            w >> "$OUTFILE"
            ps auxw >> "$OUTFILE"
            date >> "$OUTFILE"
        fi
        sleep 30
    done

Not tested, but that's the concept. See the appropriate man pages if you don't understand the individual commands. You also may want to set OUTFILE to a more secure directory. Oh, and watch those quotes - some of them are backticks - from the same key as the ~, not the key next to .

Old guy