Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We run linux machines with hundreds of user accounts, it's safe. Why would you make any important files world-writable?


That's the wrong question to ask.

The right question is whether I have made any important files world-writable.

And the answer is “I don't know.”

So, containers.

And I run it with a special user id.


Well, let's say you weren't on a machine with hundreds of users. Let's say you were on your own machine (either as a solo dev, or on a personal - that is, non server - machine at work).

Now, does that machine have any important files that are world-writable? How sure are you? Probably less sure than for that machine with hundreds of users...


If you're not sure if there are any important world-writable files, then just check that? On Linux you can do something like "find . -perm /o=w". And you can easily make whole dirs inaccessible to other users (chmod o-x). It's only a problem if you're a developer who doesn't know how to check and set file permissions. Then I wouldn't advise running any commands given by an AI.


i'm imagining it's the same people who just chmod 777 everything so they don't have to deal with permissions.


yep thats me, I chmod that and make roots password blank, this way unauthorized access is impossible!


Careful, you’re talking to developers now. Chmod is for wizards, Harry. One wouldn’t dream of disturbing the Linux gods with my own chmod magic. /s

Yes, this is indeed the answer. Create a fake root. Create a user. Chmod and chgrp to restrict it to that fake root. ln /bin if you need to. Let it run wild in its own crib.


Though why bother if you can just put it into a namespace? Containers can be much simpler than what all this Docker and Kubernetes shit around suggests.


I agree. It’s just what the developer knows. Fine. Use whatever you know at your disposal to sandbox it. The ends justify the means.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: