How do I change the default permission of the "~/.xsession-errors" file ?
Environment
- Red Hat Enterprise Linux 5,6
Issue
-
Need to change the default file permissions on the "~/.xsession-errors" file from 0644 to 0640 to meet requirements of security policy.
-
I attempted to use the "/etc/gdm/PostLogin/Default" and "/etc/X11/xinit/Xsession" scripts, however, these both run before the .xsession-
errors file is created, and as a result, they can not set the permission. -
Is there a way to change the permissions on "~/.xsession-errors" automatically when the user logs in, and does not rely on files which an end user can themselves change (i.e. this can not be simply set in "/etc/bashrc" or similar, as the the end user then risks creating a security violation when simply editing their own shell settings and removes sourcing of the global file) ?
Resolution
- Create a custom script in /etc/profile.d/ directory to change the permission on ~/.xsession-error file.
Steps:
- Create a custom script i.e "xperm.sh" inside /etc/profile.d/ directory and set desired permission using chmod command.
[root@example ~]# vim /etc/profile.d/xperm.sh
#!/bin/bash
chmod 0640 ~/.xsession-error
- Set the execute permission on this script.
[root@example ~]# chmod +x /etc/profile.d/xperm.sh
Note: Normal users on the system can not alter the content of files inside /etc/profile.d/ directory.
[root@example ~]$ ls -ld /etc/profile.d
drwxr-xr-x. 2 root root 4096 Apr 6 05:47 /etc/profile.d
Root Cause
- Scripts inside /etc/profile.d/ directory are executed during the login session of users.
- Scripts inside /etc/profile.d/ directory are only modified by root user.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
