Mdthbs

Placement of positioning lights on A320 winglets

How can powerful telekinesis avoid violating Newton's 3rd Law?

Which are the methodologies for interpreting Vedas?

Why did Robert pick unworthy men for the White Cloaks?

What is Gilligan's full name?

Is it a good security practice to force employees hide their employer to avoid being targeted?

Does scarcity apply only to commodities?

ISP is not hashing the password I log in with online. Should I take any action?

What do I need to do, tax-wise, for a sudden windfall?

In Pandemic, why take the extra step of eradicating a disease after you've cured it?

Is there a radar system monitoring the UK mainland border?

Part of my house is inexplicably gone

Harley Davidson clattering noise from engine, backfire and failure to start

What publication claimed that Michael Jackson died in a nuclear holocaust?

Is there a frequency comparator device?

Idiom for 'person who gets violent when drunk"

How do I type a hyphen in iOS 12?

Can you open the door or die? v2

What did the 8086 (and 8088) do upon encountering an illegal instruction?

Is Jesus the last Prophet?

Can I attach a DC blower to intake manifold of my 150CC Yamaha FZS FI engine?

What does BREAD stand for while drafting?

About the paper by Buekenhout, Delandtsheer, Doyen, Kleidman, Liebeck and Saxl

Must I use my personal social media account for work?

FILE PERMISSIONS & REMOTE ACCESS

Copy just permissions and ownership from one tar file to anotherrestrict student account permissions, give faculty accessAllow file manipulation but block folder/subfolder manipulation?Limit user from viewing files he doesn't ownaccess to USB drive broken after changing uidLinux blocks file access from Windows (shared NTFS drive)Use ACL to harmonize permissions inside one folderIdeal Linux ACL setup for ransomwareHow do I chmod or chown a file so that anybody in the world can access it?Permission denied when browsing for files using Ubuntu 18.04

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

0

If someone gets unwanted remote access to my computer/OS, what's to prevent them from opening a terminal and changing the permissions on my files?

I have a FW that is very good, but, let's assume someone hijacked the browser and they got remote access. I don't want them to be able to delete or modify the files. There's no password for opening a terminal. Can I put a password on the terminal? Can the hijacker open a terminal and make changes?

I do not have a password on accessing the local OS and I don't know how to put one on. The only passwords I have are for admin to desktop and FW.

Debian stretch; orangepi, fw

Thanks.

files permissions terminal remote

share|improve this question

edited 19 mins ago

sgu55

asked 1 hour ago

sgu55sgu55

93

New contributor

sgu55 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Which OS? And what kind of remote access? It seems you speak about Unix, in which case only the owner of a file can change its permissions. So local or remote access by UserX does not allow it to change permissions on files owner by UserY. Otherwise, obviously, permissions would be worthless.
  
  – Patrick Mevzek
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks PM. Debian OS. "unwanted remote access" like if someone hijacked my browser. I'm not familiar with unix vs linux - I think of it all as linux as I'm a novice. If someone sits in front of my computer they can open a terminal and change permissions. How is that different for a remote user? If the terminal required a password to be opened, it would make sense to me, but it doesn't. I don't see how to protect against in person or remotely, other than for "in-person" to have a password on my OS so they can't get in in the first place.
  
  – sgu55
  1 hour ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If someone has physical access ("someone sits in front of my computer") many security measures (like classical unix permissions) become worthless. The problem is not that the security measures are useless per se, just that someone has physical access to your box, which means a completely different set of constraints to fullfil (someone can open it, take the hard disk and plug it elsewhere and inspect it as they wish... of course full disk encryption would thwart that specific attack). Why do you think there are screensavers running automatically after X minutes and asking for password?
  
  – Patrick Mevzek
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  "Why do you think there are screensavers running automatically after X minutes and asking for password?" Yes, I understand what you mean. For this computer, I don't have that. I'll have to see how to do it. But for remote access, since there is no password for a terminal, what prevents a remote user from doing the same thing as someone sitting in front of my computer (assuming no screensaver)? Thanks.
  
  – sgu55
  1 hour ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The only passwords that I have are for the desktop and FW "root privileges". I don't see how to create a password that prevents physical access to the screen and its contents. My skills are limited to the command line, assuming I know what the command is.
  
  – sgu55
  55 mins ago
  
  
  

  
  
  
  

 | 
show 3 more comments

0

If someone gets unwanted remote access to my computer/OS, what's to prevent them from opening a terminal and changing the permissions on my files?

I have a FW that is very good, but, let's assume someone hijacked the browser and they got remote access. I don't want them to be able to delete or modify the files. There's no password for opening a terminal. Can I put a password on the terminal? Can the hijacker open a terminal and make changes?

I do not have a password on accessing the local OS and I don't know how to put one on. The only passwords I have are for admin to desktop and FW.

Debian stretch; orangepi, fw

Thanks.

files permissions terminal remote

share|improve this question

edited 19 mins ago

sgu55

asked 1 hour ago

sgu55sgu55

93

New contributor

sgu55 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Which OS? And what kind of remote access? It seems you speak about Unix, in which case only the owner of a file can change its permissions. So local or remote access by UserX does not allow it to change permissions on files owner by UserY. Otherwise, obviously, permissions would be worthless.
  
  – Patrick Mevzek
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks PM. Debian OS. "unwanted remote access" like if someone hijacked my browser. I'm not familiar with unix vs linux - I think of it all as linux as I'm a novice. If someone sits in front of my computer they can open a terminal and change permissions. How is that different for a remote user? If the terminal required a password to be opened, it would make sense to me, but it doesn't. I don't see how to protect against in person or remotely, other than for "in-person" to have a password on my OS so they can't get in in the first place.
  
  – sgu55
  1 hour ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If someone has physical access ("someone sits in front of my computer") many security measures (like classical unix permissions) become worthless. The problem is not that the security measures are useless per se, just that someone has physical access to your box, which means a completely different set of constraints to fullfil (someone can open it, take the hard disk and plug it elsewhere and inspect it as they wish... of course full disk encryption would thwart that specific attack). Why do you think there are screensavers running automatically after X minutes and asking for password?
  
  – Patrick Mevzek
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  "Why do you think there are screensavers running automatically after X minutes and asking for password?" Yes, I understand what you mean. For this computer, I don't have that. I'll have to see how to do it. But for remote access, since there is no password for a terminal, what prevents a remote user from doing the same thing as someone sitting in front of my computer (assuming no screensaver)? Thanks.
  
  – sgu55
  1 hour ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The only passwords that I have are for the desktop and FW "root privileges". I don't see how to create a password that prevents physical access to the screen and its contents. My skills are limited to the command line, assuming I know what the command is.
  
  – sgu55
  55 mins ago
  
  
  

  
  
  
  

 | 
show 3 more comments

If someone gets unwanted remote access to my computer/OS, what's to prevent them from opening a terminal and changing the permissions on my files?

I have a FW that is very good, but, let's assume someone hijacked the browser and they got remote access. I don't want them to be able to delete or modify the files. There's no password for opening a terminal. Can I put a password on the terminal? Can the hijacker open a terminal and make changes?

I do not have a password on accessing the local OS and I don't know how to put one on. The only passwords I have are for admin to desktop and FW.

Debian stretch; orangepi, fw

Thanks.

files permissions terminal remote

share|improve this question

edited 19 mins ago

sgu55

asked 1 hour ago

sgu55sgu55

93

New contributor

sgu55 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 19 mins ago

sgu55

asked 1 hour ago

sgu55sgu55

93

New contributor

sgu55 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 19 mins ago

sgu55

asked 1 hour ago

sgu55sgu55

93

New contributor

sgu55 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 1 hour ago

sgu55sgu55

93

New contributor

sgu55 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 1 hour ago

sgu55sgu55

93

1 Answer
1

active

oldest

votes

2

If you own the file then you can pretty much do anything with it and filesystem permissions won't stop you.

Permissions such as "000" aren't designed to protect you from yourself, it's to protect files from other people using the same system. So if you have one person who logs in as 'user1' and another who logs in as 'user2' then filesystem permissions can restrict access.

"000" can be useful for "oops, I made a mistake" type scenarios

$ echo hello > test

$ chmod 0 test

$ echo there > test

-ksh: test: cannot create [Permission denied]

$ rm test

rm: remove write-protected regular file 'test'? n

$ 

But it's not enough to stop you from doing things if you really try

$ rm -f test

$ ls -l test

ls: cannot access 'test': No such file or directory

$ 

But, in practice, permissions such as '000' aren't so useful and you rarely see them.

share|improve this answer

answered 54 mins ago

Stephen HarrisStephen Harris

28.3k35585

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

sgu55 is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f524328%2ffile-permissions-remote-access%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

2

If you own the file then you can pretty much do anything with it and filesystem permissions won't stop you.

Permissions such as "000" aren't designed to protect you from yourself, it's to protect files from other people using the same system. So if you have one person who logs in as 'user1' and another who logs in as 'user2' then filesystem permissions can restrict access.

"000" can be useful for "oops, I made a mistake" type scenarios

$ echo hello > test

$ chmod 0 test

$ echo there > test

-ksh: test: cannot create [Permission denied]

$ rm test

rm: remove write-protected regular file 'test'? n

$ 

But it's not enough to stop you from doing things if you really try

$ rm -f test

$ ls -l test

ls: cannot access 'test': No such file or directory

$ 

But, in practice, permissions such as '000' aren't so useful and you rarely see them.

share|improve this answer

answered 54 mins ago

Stephen HarrisStephen Harris

28.3k35585

add a comment | 

2

If you own the file then you can pretty much do anything with it and filesystem permissions won't stop you.

Permissions such as "000" aren't designed to protect you from yourself, it's to protect files from other people using the same system. So if you have one person who logs in as 'user1' and another who logs in as 'user2' then filesystem permissions can restrict access.

"000" can be useful for "oops, I made a mistake" type scenarios

$ echo hello > test

$ chmod 0 test

$ echo there > test

-ksh: test: cannot create [Permission denied]

$ rm test

rm: remove write-protected regular file 'test'? n

$ 

But it's not enough to stop you from doing things if you really try

$ rm -f test

$ ls -l test

ls: cannot access 'test': No such file or directory

$ 

But, in practice, permissions such as '000' aren't so useful and you rarely see them.

share|improve this answer

answered 54 mins ago

Stephen HarrisStephen Harris

28.3k35585

add a comment | 

If you own the file then you can pretty much do anything with it and filesystem permissions won't stop you.

Permissions such as "000" aren't designed to protect you from yourself, it's to protect files from other people using the same system. So if you have one person who logs in as 'user1' and another who logs in as 'user2' then filesystem permissions can restrict access.

"000" can be useful for "oops, I made a mistake" type scenarios

$ echo hello > test

$ chmod 0 test

$ echo there > test

-ksh: test: cannot create [Permission denied]

$ rm test

rm: remove write-protected regular file 'test'? n

$ 

But it's not enough to stop you from doing things if you really try

$ rm -f test

$ ls -l test

ls: cannot access 'test': No such file or directory

$ 

But, in practice, permissions such as '000' aren't so useful and you rarely see them.

share|improve this answer

answered 54 mins ago

Stephen HarrisStephen Harris

28.3k35585

$ echo hello > test

$ chmod 0 test

$ echo there > test

-ksh: test: cannot create [Permission denied]

$ rm test

rm: remove write-protected regular file 'test'? n

$ 

$ rm -f test

$ ls -l test

ls: cannot access 'test': No such file or directory

$ 

share|improve this answer

answered 54 mins ago

Stephen HarrisStephen Harris

28.3k35585

answered 54 mins ago

Stephen HarrisStephen Harris

28.3k35585

answered 54 mins ago

Stephen HarrisStephen Harris

28.3k35585