Questions tagged [permissions]

Access control based on user, group, or global access.

250 questions
102 votes, 13 answers

Why is root security enforced but $HOME typically unprotected?

Coming from the comments in this question Why is it bad to log in as root?: The sudo mechanics is in use so non-administrative tools "cannot harm your system." I agree that it would be pretty bad if some github project I cloned was able to inject…
phil294

95 votes, 5 answers

Why do you have to be an admin to create a symlink in Windows?

In Linux every user can create symlinks, but in Windows I need an admin command line, or mklink fails. Why is that?
ripper234

74 votes, 1 answer

What is the difference between RBAC and DAC/ACL?

What are the benefits of each, and when should I choose one over the other? Are there situations where these should be merged? Do you have examples of common usages? And what about MAC, where does that fit in?
AviD

69 votes, 7 answers

User can't navigate to webpage through the UI due to permissions, but are able to navigate to page by pasting the URL. How do I protect against this?

In my application, users have certain roles which have permissions. These permissions dictate which UI elements are available to them at the home screen. Many of the elements link to other pages, which many users cannot see because their permissions…
Michael

64 votes, 1 answer

Why don't video conferencing web applications ask permission for screen sharing?

I am using Chrome 87 with Jitsi Meet 2.0, but I have noticed this behavior too with other setups. When I first enter a room, Chrome asks for the following permissions: Even if I click "Block" to deny these permissions, Jitsi still appears to have…
Jaap Joris Vens

63 votes, 6 answers

Is 2FA via mobile phone still a good idea when phones are the most exposed device?

Everyone knows that two factors are better than one. My problem is that often the only second factor allowed is text messages sent to your mobile phone. This creates two concerns: I travel frequently overseas and lose access to 2FA accounts any…

62 votes, 6 answers

Unix execute permission can be easily bypassed. Is it superfluous, or what's the intention behind it?

The unix read permission is actually the same as the execute permission, so if e.g. one process has write access it's also able to execute the same file. This can be done pretty easily: First this process has to load the content of the file, which…
Martin Erhardt

60 votes, 9 answers

Is it urgent to revoke the access to a private repo once a person has been mistakenly granted it and become aware of this?

There has been a post on Niebezpiecznik.pl, a popular InfoSec blog, describing an interesting situation. A company mistakenly granted access to their BitBucket repo to a random programmer. This programmer subsequently alerted various employees of…
gaazkam

49 votes, 7 answers

What is the point of encrypting the home directory?

If I have selected a good password and kept it secret, what is the point of encrypting my home directory, as a setup option with some flavors of Linux offer during setup? Won't the Linux permissions keep unwanted eyes away from my stuff?
Jon Wadsworth

47 votes, 3 answers

Reason to not use chmod -R 777 on internal server for project source code?

From my days of amateur web development the principle of least privilege has beaten into me not to use chmod -R 777 dir. I have personally never needed it, so I've never used it. I now work on a development team professionally, and we recently…
user1717828

46 votes, 2 answers

Claim that Skype is an unconfined application able to access all one's own personal files and system resources

Situation I was about to install Skype on a laptop driven by Ubuntu 18.04 LTS Desktop. The software installation helper graciously informs me that Skype is unconfined. It can access all your personal files and system resources as per the…
XavierStuvw

44 votes, 6 answers

Why do mobile apps have fine-grained permissions while desktop apps don't?

Android apps use fine-grained permissions for security reasons, iOS apps (afaik) do it as well. Windows 8.1 applications don't have a permission schema like that, all Linux versions which I have tried so far don't have it either and I guess Mac OS…
rdmueller

39 votes, 8 answers

How can I prevent a user from copying files to another hard drive?

I have a Linux machine that contains sensitive files. Users should be able to access (read) them when they are using the computer, but should not be able to copy them to another hard drive (USB stick or another hard drive that might have been added…
Iakovos Gurulian

30 votes, 6 answers

Difference between Privilege and Permission

I am a little confused on the contextual differences between permission and privilege from computer security perspective. Though I have read the definition of both the terms but it will be nice if someone can give me some practical example e.g. User…
Ali Ahmad

29 votes, 5 answers

What are the potential vulnerabilities of allowing non-root users to run apt-get?

There are two ways I can think of doing this: On a system with sudo, by modifying /etc/sudoers. On a system without sudo (such as a Docker environment), by writing a program similar to the below and setting the setuid bit with chmod u+s. apt-get…
kzl