× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



thanks - i'm familiar with security around the keys...

i've run into situations where /home/user/.ssh sometimes are set to 600...
so as an extra layer of precaution, i am setting those to 755 during
maintenance and then back to 600 when i am done.

oh yeah, this is for a user interface process (to manage keys)... so thats
why i'm doing this.

jay

On Tue, Feb 25, 2020 at 1:15 PM Patrik Schindler <poc@xxxxxxxxxx> wrote:

Hello Jay,

Am 25.02.2020 um 17:56 schrieb Jay Vaughn <jeffersonvaughn@xxxxxxxxx>:

ok well to avoid this altogether I really need to just chmod on a base
directory and then all the branch directories and files.

would that be safer?

It depends. Since 755 is "safe", because user, group and everyone else
gets at least read and execute rights, I suspect your problem somewhere
else. Therefore my questions.

say i'd like to change /home/jvaughn/.ssh/*.* to 755 in one command and
then
change /home/jvaughn/.ssh/*.* back to 600 in a subsequent command..

is there syntax that can accomplish that?

Yes. You found out, as I see.

Btw., only the private key files need to be 600, everything else can stay
644. 600 is necessary to make ssh happy. On Unix/Linux, Home directories
usually are mode 700, so there's no way to get beyond that barrier without
switching to a different user profile while the process already runs.

found it

/find /home/jvaughn/.ssh -type f -exec chmod 755 {} \;

for files.. do the same with <d> for dirs...

Yes, that's one way to achieve it (but without the leading / before find).

Since we're talking about ~/.ssh, this is usually just one level deep. So,
the most easy way would be:

cd /home/jvaughn/.ssh
chmod 600 *
chmod 755 .

The most important thing to realize is that for every *found* file, find
spawns a separate instance of chmod, which does it's job in some
miliseconds and exits. Then, find continues. This is not a big deal for
~/.ssh, but when running this to straight out a huge directory tree with
thousands of files/directories, the impact is considerable.

Doing this in V4R5 yields a job log in an OUTQ. For every single spawn of
chmod. I don't know if shell child job logs are just deleted (if no error)
in more recent incarnations of OS/400, or if they're not even created in
the first place. So, even on a relative modern platform, find -exec could
be resource hog par excellence. :-)

Btw., if anyone knows how to suppress job logs from QSH and child
processes in V4, I'd be interested in a working solution. The stuff which
is usually be found in the net about setting an ENVVAR doesn't work for me.

:wq! PoC

PGP-Key: DDD3 4ABF 6413 38DE - https://www.pocnet.net/poc-key.asc


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.