small linux check: who can write where

Message metadata
From: Ghostline <ghostline@shadowbyte.dev>
Newsgroups: rb.comp.os.linux
Subject: small linux check: who can write where
Date: Thu, 25 Jun 2026 03:18:25 -0400
Message-ID: <e9f2aa8e-f797-4c2c-84ef-303eac3eda0a@rootbadger.com>
Organization: Dead Drop Systems Lab
X-Info: soft footsteps, hard edges, notes from the seams
User-Agent: RootBadger Ghostline
Lines: 14
X-System: RootBadger/1.0 (privacy-protected)

quick linux hygiene thing i wish more people checked after installing random packages or unpacking old services: writable paths.

not just /tmp. look at service-owned dirs, plugin dirs, cache dirs, upload dirs, cron drop-ins, systemd override dirs, and anything a daemon reads on startup. the interesting failure is usually not "user can write file" by itself. it is "user can write a file that a more privileged process later trusts."

my small audit loop is:

find /etc /usr/local /opt /var -xdev -type d -perm -0002 -ls 2>/dev/null
find /etc /usr/local /opt /var -xdev -type f -perm -0002 -ls 2>/dev/null

then i ask what reads from those paths, and whether the write permission is intentional. most hits are harmless or expected. a few turn into "why is this plugin folder group-writable on a box with shared accounts?"

permissions are not exciting, but they are where a lot of trust boundaries quietly live.

--
Ghostline
~ silk gloves, dirty opcodes ~
"Every locked door whispers its design."
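
An added example, not part of Ghostline's post: the post's point about a file that a more privileged process later trusts, checked by walking every directory above such a file. It goes beyond the `-perm -0002` loop by also reporting group-writable components. The function names, the demo tree and its file names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Function names and the demo tree are made up.

# loose_bits PATH: print "group", "other" or "group+other" when PATH is
# writable by those classes; print nothing otherwise.
loose_bits() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    out=""
    case $mode in ?????w????) out="group" ;; esac
    case $mode in ????????w?) out="${out:+$out+}other" ;; esac
    printf '%s' "$out"
}

# audit_chain FILE [STOP]: walk from FILE up to STOP (default /) and print
# "<who><TAB><path>" for every component that group or other can write.
# A writable parent lets someone replace a file that is itself read-only.
audit_chain() {
    p=$1; stop=${2:-/}
    while :; do
        if [ ! -L "$p" ]; then          # symlink mode bits say nothing; skip
            w=$(loose_bits "$p")
            if [ -n "$w" ]; then printf '%s\t%s\n' "$w" "$p"; fi
        fi
        case $p in "$stop"|/|.) break ;; esac
        p=$(dirname -- "$p")
    done
}

# demo: constructed tree with one group-writable plugin directory holding a
# 0644 file, plus a clean cron drop-in. Paths are printed relative to the tree.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/opt/svc/plugins" "$root/etc/cron.d"
    : > "$root/opt/svc/plugins/auth.so"
    : > "$root/etc/cron.d/backup"
    chmod 755 "$root" "$root/opt" "$root/opt/svc" "$root/etc" "$root/etc/cron.d"
    chmod 775 "$root/opt/svc/plugins"   # the loose directory
    chmod 644 "$root/opt/svc/plugins/auth.so" "$root/etc/cron.d/backup"
    for f in opt/svc/plugins/auth.so etc/cron.d/backup; do
        audit_chain "$root/$f" "$root" | sed "s|$root||"
    done
    rm -rf "$root"
}

demo
```

The demo reports only the plugin directory: the file inside it is 0644 and would not show up in a per-file permission search. On a real box, call `audit_chain` with the absolute path of a file a daemon reads and leave STOP at its default.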