Ufw world writeable

Hi all,
Im fairly new to linux, though have been tinkering for a couple months. I was running UFW on an instance of Manjaro KDE. At some juncture i started getting a message saying that permissions fpr UFW were world writeable. I hadn’t done anything with the system outside of adding software via the package manager and using the system for music playback, free tube, internet browsing and some Steam games.

I have subsequently stopped using that install as it was on a spinning HDD and i now have an SSD so moved to that…however there are files that are on that install i need and my worry is if that system was compromised then could any of those files or accessing that drive via my new install be dangerous if someone had managed to do something to the old system and install something?

Reading that back my thpughts seem a bit jumbled soet me give some context as a Windows user who worries about viruses and Internet attacks, especially if the firewall was compromised.

Im not using ufw on my new install, instead firewalld (having used that on fedora) but as a learning exercise, i would be interested to know what could cause the type of problem where permissions become world writeable! Im the only user of the system and No one had physical access to the system . I hadn’t done anything with chmod or anything fancy with terminal outside of changing directiries and sha256 isos!

Seems like some files have too many permissions: ufw world writable at DuckDuckGo
Can you post the complete message?


File permission(s) is not changed when you copy a file to a system folder.

If you use custom build scripts to install anything (AUR comes to mind) you need to understand what they are doing as you can compromise your system if you don’t.

Unless you deliberately execute any of those files using sudo there should be nothing to worry about.

You could make sure the files are not executable by explicitly removing the exec bit.

Data files should never have the exec bit set.

But - before you venture into a chmod -x folder -R yo need to understand that folders need the exec bit to allow navigating the folder.

Ensure you are executing this inside the top folder containing the files and folders you copied

You may need - to set the owner and group - $USER:$USER is an environment variable holding your current user:group. If the files are copied from a mix of unknown users - below command can be executed with sudo -

WARNING never do this in a system folder e.g. /. Always limit to files and folders you have write access to - thus ONLY inside your $HOME

chown -R $USER:$USER
find . -type f | sudo xargs -d'\n' chmod 664  # file permisson to rw for user and group and ro for other
find . -type d | sudo xargs -d'\n' chmod 775  # folder permission to rw for user and group and ro for other
find . -type d | sudo xargs -d'\n' chmod +s   # set defaults for new files in a folder to inherit the folder permission

All my files, from Windows, are executable - #16 by linux-aarhus

ALWAYS keep the use of sudo to a minimum and check scripts which require sudo as those will be executed with elevated privileges.

Hi both and thank you for your responses, really appreciate it. I went to boot up that old install today to file the steps given and it didn’t complete startup, dumping me out at the emergency terminal and promptly locking up.

At this stage of my linux journey i think fixing this is beyond me and the files i have lost i will chalk up to experience (they were backed up but ironically when trying to restore them the backup was only partially sucessful). Thank you both for stepping up and offering to help though

That comment about resources from AUR got me thinking. I have been more relaxed about using it in addition to the official community stuff but now, i will be less trigger, happy. Does Flatpack have the same issues as,AUR as i believe the application and is dependencies are sand boxed?

Muse

ultimately
you do not know
(because you do not check and do not know how to)
what is done when an AUR package is installed
and equally do not know what happens when you install a snap or a flat pack

… or any repo package, for that matter …

you trust - plain and simple

your files where (very much most likely) not compromised

use them if your backup is corrupt

… if you do not have good reason and evidence to expect the contrary
just based upon the fact that you got a permission warning on firewall related files

it’s by far not good enough to throw away your files

my opinion ™