This is my personal Top 8 of worst suggestions I’ve read, took or gave to other Linux users so far, feel free to add your as comment.
Legend: Q: Question, BA: The bad answer, GA : What could have been a good answer
1) Q: I have a file i can’t read/write/execute with the user i want!
Bad: “chmod 666 file” – This makes the file editable and destroyable by anyone.
Worse: “chmod 777 file” – This makes the file editable by anyone AND sets execute permissions for anyone. This means that any user can edit the file to do something malicious for the next user to (accidentally?) execute it.
Worst: “chmod 7777 file” – Also gives setuid and setgid permission. With this you’ve just given any user permission to fubar your machine, especially if the file is owned by root.
GA: Check which user and group have permission to do the operations you need on that file, subscribe the user to that group and/or change the owner or the group of that file.
2) This is a small variant of the number 1.
Q: My daemon (apache, tomcat, put your here) cannot access all files and/or directories our developers use for deploying the applications.
BA: Same as point 1, this usually finish in having all files in a document root with 777
3) Q: At some time my server starts using the Swap space and all goes really slow. what can i do ?
BA: Remove the swap, in this way the system will not use it. The effect of this is usually a server in hang for out of memory
GA: Investigate on what’s using your memory, there should be a memory leak in some running programs, while you are investigating it could be a good idea to double your swap space.
4) Again on the swap and witnessed live by me (as a spectator)
Q: We have the swap almost full, what can we do to empty it?
BA: Give as root a swap off, the kernel will think to claim it. And 1 second later another system in hang, the memory of the machine was heavily used and turning off the swap we had lost important information of running programs.
5) Q: My ext3 filesystem it’s a bit slow, what can i do ?
BA: Transform it in a ext2, you’ll have less overhead and your applications will be faster. This suggestion could be true (depend on application that uses the FS), but don’t tells that ext2 it’s much more fragile and so you risk to lose all your information on a ext2 much more than on a ext3 (or ext4).
GA: ext3 filesystem can be mounted with some particular options like noatime that can help you in getting better performance, check the man page of mount for the oprions.
6) Q: The boot of my desktop it’s a bit slow
BA: It’s your kernel, configure it by hand and remove all the hardware you don’t need. I’ve took this suggestion, and I spent about 2 days in removing and adding back options to the kernel, trying to get all the pieces of my computer working and at the same time the kernel as small as possible, to improve by something like 2 or 3 seconds at the startup.
GA: Install bootchart this will show if there is some point that can be improved during your boot.
7) Q: The user need a new library/program/whatever that is not packaged for the distribution, what can we do ?
BA: If the package it’s availabe in an unofficial repository add that to the list of repository used by the machine and install from there.
BA2 : Download the source and compile it.
I’m not sure on which one is worst, install a package with your package manager but without any security ? or don’t use your package manager and install some binary from the source ?
GA: Download the source and do a package that we’ll install with the package manager of the distribution. The longest but safest way.
8) Q: There seem to be a problem between the application XX and the local firewall
BA: Stop the firewall. This usually has 2 effects, the first is taht you lose security on that server, teh second is that if you forgot to remove the autostart of the firewall at boot time, at the next reboot the application will not work.
GA: try to understand which ports the application uses, or turn on verbose logging for the firewall, once you have understood which ports are used modify the firewall.
Waiting now for the worst Linux suggestions that you have heard.
- Linux Security: How to hide processes from other users
- Productivity boosting with open source applications
- 8 Simple To Follow Tips To Secure Your Apache Web Server
- The Humble “Open Source” Bundle
- Linux Games: FTL Advanced Edition expansion
Find me on Google+