Open abmusse opened 8 years ago
Original comment by Tony Cairns (Bitbucket: rangercairns, GitHub: rangercairns).
Well, as you can see, i don't like the idea of matching PASE in the chroot locations.
Your question about stat ... no, grasshopper. To wit, when you consider a technology like recommended crtautl authorization list(s), a Unix-centric stat seems mickey mouse (*).
(*) repeat -- Of course, security, similar to election politics, has many candidates with different views ( cough ... loud views).
Original comment by Tony Cairns (Bitbucket: rangercairns, GitHub: rangercairns).
So, two schools of thought.
In both cases, i am inclined to think that security is tighter than the original PASE.
So, no, i do not think exact matching PASE is all that and a box of cookies (*).
(*) Of course, security, similar to election politics, has many candidates with different views ( cough ... loud views).
Original report by Aaron Bartell (Bitbucket: aaronbartell, GitHub: aaronbartell).
So far we've been pretty loose on permissions when creating chroot environments - changing ones that are necessary or else things don't work (i.e.
.ssh
directory).We create chroot environments with directories/files that mirror what is in base PASE. I am thinking the same should be done with permissions in chroot.
GOAL: Create a shell script that can optionally invoked to traverse directories in chroot, check permissions of same directory/file in base PASE, and then
chmod
the chroot directory/file.I started digging and found Linux has the
stat
command but AIX doesn't. AIX has theistat
command but PASE doesn't (that I can see).Before I get too much further into research I wanted to run this idea by you to get thumbs up and also ask whether there are
stat
-type commands for PASE I don't know about; or do I need to write a script.