Securing Ubuntu by changing file permissions can stop VirtualBox working
Hi, this is part question part information.
I'm using VirtualBox 2.2.4 on a machine running Ubuntu 8.04.
After doing some research on making Ubuntu more secure I changed the permissions on the following files to 0700.
/usr/bin/who
/usr/bin/w
/usr/bin/finger
/usr/bin/locate
/usr/bin/whereis
/usr/bin/vi
/usr/bin/which
/usr/bin/gcc
/usr/bin/g++
/usr/bin/cc
/usr/bin/make
/usr/bin/apt-get
/usr/bin/aptitude
/usr/bin/telnet
/bin/ping
/bin/nano
This caused VirtualBox to stop working but if I tried running it as root it worked.
I have managed to overcome this problem by changing the group associated with the following files and changing their permissions to 0750. VirtualBox now works.
My question is does anyone know exactly which of the above files VirtualBox needs to access in order to run?
Thanks very much.
Too secure file permissions can stop VirtualBox working
baf
Re: Too secure file permissions can stop VirtualBox working
Guesswork!
In probability order:
good candidates:
/usr/bin/who
/usr/bin/w
possibly:
/usr/bin/which
/usr/bin/whereis
don't think so:
/usr/bin/finger
/usr/bin/locate
/usr/bin/vi
/usr/bin/gcc
/usr/bin/g++
/usr/bin/cc
/usr/bin/make
/usr/bin/apt-get
/usr/bin/aptitude
/usr/bin/telnet
/bin/ping
/bin/nano
Also it's pretty pointless to do it like this. If you allow ssh and scp they could fetch anything somewhere else.
What are you trying to protect from?
Some say: "You learn as long as you live".
My way: "You live as long as you learn".
Re: Too secure file permissions can stop VirtualBox working
Thanks Baf
I'm fairly new to Linux so I feel I'm at the point where I know enough to know how much I'm ignorant of, if that makes sense. Consequently I'm doing a lot of researching.
I found a few sites that recommended that doing this was a way to make Ubuntu more secure but they didn't say what they were protecting against.
Anyway I'll experiment with those and see and post how I got on.
Re: Too secure file permissions can stop VirtualBox working
Thanks again Baf
I have tested those which you thought were good candidates and it seems that it is only /usr/bin/whereis that VirtualBox needs to access.
So if there are any other people out there who are trying to secure their system more by applying more restrictive permissions to files please be aware that if the file permissions on /usr/bin/whereis are too restrictive VirtualBox will not load.
If you want to keep the permissions on /usr/bin/whereis restrictive, I would suggest that you set the permissions to 0750, change the group associated with the whereis file (e.g. to vboxusers), and make sure that any users that are going to use VirtualBox are members of the group that you have assigned to whereis.
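The approach from the last post (mode 0750 plus a dedicated group), as an added shell example that is not part of the original thread. It checks whether members of a group can still execute a restricted binary and applies the group/mode change. The function names and the user name alice are hypothetical. It assumes GNU stat, looks only at the classic mode bits (no ACLs), and assumes the calling user is not the file's owner.

```shell
#!/bin/sh
# Added example: audit and fix group-restricted binaries.

# runnable_by_group FILE GROUP
# Succeeds if a non-owner member of GROUP can execute FILE.
# The kernel picks exactly one permission class: if the file's group
# matches, only the group bits count; otherwise the "other" bits count.
runnable_by_group() {
    mode=$(stat -c '%a' "$1") || return 2
    fgroup=$(stat -c '%G' "$1") || return 2
    m=$((0$mode))                        # leading 0 makes the value octal
    if [ "$fgroup" = "$2" ]; then
        [ $(((m >> 3) & 1)) -eq 1 ]      # group execute bit
    else
        [ $((m & 1)) -eq 1 ]             # other execute bit
    fi
}

# audit GROUP FILE...
# Prints one line per file; returns 1 if any file is not runnable by GROUP.
audit() {
    grp=$1; shift; rc=0
    for f in "$@"; do
        if runnable_by_group "$f" "$grp"; then
            status=ok
        else
            status=BLOCKED; rc=1
        fi
        printf '%-8s %s %s\n' "$status" \
            "$(stat -c '%a %U:%G' "$f" 2>/dev/null)" "$f"
    done
    return $rc
}

# restrict_to_group FILE GROUP
# The fix described in the thread: hand the file to GROUP with mode 0750.
# Needs root for system binaries.
restrict_to_group() {
    chgrp "$2" "$1" && chmod 0750 "$1"
}

# Typical use, as root (group and path as named in the thread):
#   audit vboxusers /usr/bin/whereis
#   restrict_to_group /usr/bin/whereis vboxusers
#   usermod -aG vboxusers alice    # alice is a placeholder user name
```

A user added to the group has to log in again before the new membership takes effect.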