bash_profile = read only

Diputs

I technically know why a file is read only, but I'd like to know what is the most logical reason why a .bash_profile in MY home directory is read only.

A series of servers is set up all the same, yet this one server tells me this. Bash should be the default shell for the user.
 


The ~/.bash_profile (or ~/.profile) is read only once on login, unlike the .bashrc which is read on each spawning of a shell. The Debian default is actually chmod 644, rather than 444, so it's writable, but only by the owner. Presumably, if the file is read only, since it's in the home of the user, the user owns it and can change it to writable. I agree that it's most likely someone's idea of security.

If a file is read only in the user's home directory, and root wants to write to it in vim, vim will send it a message in red saying that the file is read only, blocking root, until root adds an override.
 
Your profile sets environment variables, functions, aliases, and many other things. That file having any write access can provide an attack vector.

That said, excuse me if I'm wrong, but normally it's writable by the owner. Though I'm sure some people have a different security view when approaching a shell profile.

My .profile has several functions defined as well as aliases, configurations, and environment variables. If you're on a shared system, it might be copacetic to use 'chattr -i' to make it immutable for everyone including root and yourself to make it more difficult to inject an attack. You can always +i to make a change and then remove it again to prevent future changes.
 
English is not my first language, so ... sometimes that's an issue. No idea what "copacetic" means. I'll look it up.

Then, "chattr" is an unknown command for me - need to look that up as well.

I trust myself enough to know what I change in a file; I don't need to remove write permission from myself to enforce that behaviour, although I realise it might be required for other people.
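
To see which of the states discussed in the replies above a host is actually in (the 644 default, a 444 read-only file, or the immutable attribute), this added example, which is not part of the thread, classifies each shell startup file in a home directory. The function names are hypothetical; it assumes `stat -c` is available and uses `lsattr` only if it works on the filesystem.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU or BusyBox stat;
# lsattr (e2fsprogs) is optional and only used when it works.

# profile_state FILE prints one of:
#   missing | owner-writable | read-only | group-or-other-writable
# with "+immutable" appended when the 'i' file attribute is set.
profile_state() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }

    mode=$(stat -c '%a' -- "$f")            # octal string, e.g. 644

    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        state="group-or-other-writable"     # e.g. 664 or 666
    elif [ $(( 0$mode & 0200 )) -ne 0 ]; then
        state="owner-writable"              # e.g. 644, the default cited above
    else
        state="read-only"                   # e.g. 444
    fi

    # Mode bits never show the immutable attribute; lsattr does. Empty
    # output (tool missing, unsupported filesystem) is treated as "not set".
    attrs=$(lsattr -d -- "$f" 2>/dev/null | awk '{print $1}') || true
    case "$attrs" in *i*) state="$state+immutable" ;; esac

    echo "$state"
}

# audit_profiles DIR prints "name: state" for each startup file present.
audit_profiles() {
    for name in .bash_profile .bash_login .profile .bashrc; do
        result=$(profile_state "$1/$name")
        [ "$result" = "missing" ] || echo "$name: $result"
    done
}

# Constructed sample home directory; on a real host: audit_profiles "$HOME"
demo=$(mktemp -d)
: > "$demo/.bash_profile"; chmod 444 "$demo/.bash_profile"
: > "$demo/.bashrc";       chmod 664 "$demo/.bashrc"
audit_profiles "$demo"
rm -rf "$demo"
```

The immutable attribute is set with `chattr +i` and cleared with `chattr -i`, and changing it needs root. Unlike mode 444, which the owner can undo with `chmod u+w`, it also blocks renaming or replacing the file.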
 
