1

How's the best, secure way to have /root/.bashrc and /home/user/.bashrc include a common .bash.shared file?

In other words like this:

/root/.bashrc --sources--> .bash.shared <--sources-- /home/user/.bashrc

If I put .bash.shared in /root, then I can't read it from home due to lack of permission because on Debian /root is set to drwx------ by default.

I don't know the security consequences of loosening restrictions on /root. It must be that way for a reason. (In other words, I would have to give /root drwx-----x).

I think one possible workaround, would be to put .bash.shared in some other root owned folder that both root and users can read, but I'm wondering if there is a simpler way to do this, or if loosening the permissions on /root is safe?

(Out of fear, and as I've been learning linux, I've kept two separate identical files: /root/.bash.shared and /home/user/.bash.shared, thinking that at some point I would stumble on a good solution to this. It's a pain to remember to always update the other when I edit the one. So I want to fix this one way or another, but without a security hole.)

Thanks!

Elliptical view
  • 3,921
  • 4
  • 27
  • 46

1 Answers1

3

This is a fairly common practice and the usual standard is to store this common file somewhere in /etc (such as /etc/bashrc or /etc/bash.bashrc.)

For instance, RHEL/CentOS ship a /etc/bashrc and both root's and the default users' .bashrc contains this snippet:

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

The file is, of course, owned by root. But readable by all (needs to be, if non-root users are going to source it.)

It's important that only root can modify it, since otherwise a user with write access would be able to add commands to this file that would be executed by root next time root logs in... not good! But I guess you expected that already...

filbranden
  • 21,751
  • 4
  • 63
  • 86