Ubuntu: Are there negative implications for making dot files like .profile and .bashrc read-only?
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
Here's a glimpse at the permissions of files in my home directory:
664 -rw-rw-r-- bob:bob .bash_aliases
600 -rw------- bob:bob .bash_history
664 -rw-rw-r-- bob:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
664 -rw-rw-r-- bob:bob .bash_profile
644 -rw-r--r-- bob:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
644 -rw-r--r-- bob:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
664 -rw-rw-r-- bob:bob .vimrc
Here's what I want to change them to, as I have tested these permissions and they don't seem to hurt anything:
440 -r--r----- root:bob .bash_aliases
600 -rw------- bob:bob .bash_history
440 -r--r----- root:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
440 -r--r----- root:bob .bash_profile
440 -r--r----- root:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
440 -r--r----- root:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
440 -r--r----- root:bob .vimrc
In short, I've changed the user ownership of .profile, .bashrc, .bash_profile, .bash_login, .bash_aliases and .vimrc to root and changed the permissions to where only root and bob may read the files.
What I'm trying to do:
I'm setting the permissions this way so that if I walk away from my desk for a moment, a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
My concern/query:
Does any one know of cases, real or edge, where upgrading the system or installing a package would result in an error because these .dot files are not writable by sudo user bob? As far as I know, I have never seen a package installation or upgrade that resulted in changes to these dot files (which isn't to say it hasn't happened and I missed it). In particular, my concern is about .profile and .bashrc. The other files aren't even there on a fresh installation of Ubuntu 16.04 or 18.04.
It's also possible there are negative implications to what I want do that have nothing to do with package management, although for the life of me I can't think of any other scenario where hardening permissions on .bashrc and .profile would cause a problem.
permissions home-directory
asked May 14 at 18:31
Harold Fischer
1032
migrated from serverfault.com May 14 at 19:07
This question came from our site for system and network administrators.
add a comment |Â
up vote
0
down vote
favorite
Here's a glimpse at the permissions of files in my home directory:
664 -rw-rw-r-- bob:bob .bash_aliases
600 -rw------- bob:bob .bash_history
664 -rw-rw-r-- bob:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
664 -rw-rw-r-- bob:bob .bash_profile
644 -rw-r--r-- bob:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
644 -rw-r--r-- bob:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
664 -rw-rw-r-- bob:bob .vimrc
Here's what I want to change them to, as I have tested these permissions and they don't seem to hurt anything:
440 -r--r----- root:bob .bash_aliases
600 -rw------- bob:bob .bash_history
440 -r--r----- root:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
440 -r--r----- root:bob .bash_profile
440 -r--r----- root:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
440 -r--r----- root:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
440 -r--r----- root:bob .vimrc
In short, I've changed the user ownership of .profile, .bashrc, .bash_profile, .bash_login, .bash_aliases and .vimrc to root and changed the permissions to where only root and bob may read the files.
What I'm trying to do:
I'm setting the permissions this way so that if I walk away from my desk for a moment, a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
My concern/query:
Does any one know of cases, real or edge, where upgrading the system or installing a package would result in an error because these .dot files are not writable by sudo user bob? As far as I know, I have never seen a package installation or upgrade that resulted in changes to these dot files (which isn't to say it hasn't happened and I missed it). In particular, my concern is about .profile and .bashrc. The other files aren't even there on a fresh installation of Ubuntu 16.04 or 18.04.
It's also possible there are negative implications to what I want do that have nothing to do with package management, although for the life of me I can't think of any other scenario where hardening permissions on .bashrc and .profile would cause a problem.
permissions home-directory
asked May 14 at 18:31
Harold Fischer
1032
migrated from serverfault.com May 14 at 19:07
This question came from our site for system and network administrators.
Why not just train yourself to get in the habit of locking the screen whenever you stand up to leave your desk even if only for a minute? Then one would need your password to unlock the screen, and you wouldn't need to sudo to change permissions if you ever do need to edit those files (such as to change something in vim config). Plus there are plenty of other things one could do to other files.
– dobey
May 14 at 19:47
That's understandable why would you ask that. In my case I have 5 computers running, and they all have really long passwords (i.e., I would lose 3-5 minutes every time I walked away from my desk and came back). And there are plenty of other ways people could screw up my machine even without root permissions. But I still think it would be useful to make the files read-only in case I did happen to forget to lock the screens before I walked away. If I was a bad actor, .profile and .bashrc would definitely be the first things that crossed my mind if I wanted to sabotage or try to insert bad code
– Harold Fischer
May 14 at 20:10
The repositories marked as "universe" I think, which contain 3rd party packages, and those may in some cases need to add environment variables to~/.bashrcsimply due to how they're designed.
– Sergiy Kolodyazhnyy
Jun 15 at 6:01
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Here's a glimpse at the permissions of files in my home directory:
664 -rw-rw-r-- bob:bob .bash_aliases
600 -rw------- bob:bob .bash_history
664 -rw-rw-r-- bob:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
664 -rw-rw-r-- bob:bob .bash_profile
644 -rw-r--r-- bob:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
644 -rw-r--r-- bob:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
664 -rw-rw-r-- bob:bob .vimrc
Here's what I want to change them to, as I have tested these permissions and they don't seem to hurt anything:
440 -r--r----- root:bob .bash_aliases
600 -rw------- bob:bob .bash_history
440 -r--r----- root:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
440 -r--r----- root:bob .bash_profile
440 -r--r----- root:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
440 -r--r----- root:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
440 -r--r----- root:bob .vimrc
In short, I've changed the user ownership of .profile, .bashrc, .bash_profile, .bash_login, .bash_aliases and .vimrc to root and changed the permissions to where only root and bob may read the files.
What I'm trying to do:
I'm setting the permissions this way so that if I walk away from my desk for a moment, a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
My concern/query:
Does any one know of cases, real or edge, where upgrading the system or installing a package would result in an error because these .dot files are not writable by sudo user bob? As far as I know, I have never seen a package installation or upgrade that resulted in changes to these dot files (which isn't to say it hasn't happened and I missed it). In particular, my concern is about .profile and .bashrc. The other files aren't even there on a fresh installation of Ubuntu 16.04 or 18.04.
It's also possible there are negative implications to what I want do that have nothing to do with package management, although for the life of me I can't think of any other scenario where hardening permissions on .bashrc and .profile would cause a problem.
permissions home-directory
asked May 14 at 18:31
Harold Fischer
1032
Here's a glimpse at the permissions of files in my home directory:
664 -rw-rw-r-- bob:bob .bash_aliases
600 -rw------- bob:bob .bash_history
664 -rw-rw-r-- bob:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
664 -rw-rw-r-- bob:bob .bash_profile
644 -rw-r--r-- bob:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
644 -rw-r--r-- bob:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
664 -rw-rw-r-- bob:bob .vimrc
Here's what I want to change them to, as I have tested these permissions and they don't seem to hurt anything:
440 -r--r----- root:bob .bash_aliases
600 -rw------- bob:bob .bash_history
440 -r--r----- root:bob .bash_login
644 -rw-r--r-- bob:bob .bash_logout
440 -r--r----- root:bob .bash_profile
440 -r--r----- root:bob .bashrc
700 drwx------ bob:bob .cache
644 -rw-r--r-- bob:bob .cloud-locale-test.skip
700 drwx------ bob:bob .gnupg
400 -r-------- bob:bob .google_authenticator
440 -r--r----- root:bob .profile
700 drwx------ bob:bob .ssh
644 -rw-r--r-- bob:bob .sudo_as_admin_successful
600 -rw------- bob:bob .viminfo
440 -r--r----- root:bob .vimrc
In short, I've changed the user ownership of .profile, .bashrc, .bash_profile, .bash_login, .bash_aliases and .vimrc to root and changed the permissions to where only root and bob may read the files.
What I'm trying to do:
I'm setting the permissions this way so that if I walk away from my desk for a moment, a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
My concern/query:
Does any one know of cases, real or edge, where upgrading the system or installing a package would result in an error because these .dot files are not writable by sudo user bob? As far as I know, I have never seen a package installation or upgrade that resulted in changes to these dot files (which isn't to say it hasn't happened and I missed it). In particular, my concern is about .profile and .bashrc. The other files aren't even there on a fresh installation of Ubuntu 16.04 or 18.04.
It's also possible there are negative implications to what I want do that have nothing to do with package management, although for the life of me I can't think of any other scenario where hardening permissions on .bashrc and .profile would cause a problem.
permissions home-directory
asked May 14 at 18:31
Harold Fischer
1032
asked May 14 at 18:31
Harold Fischer
1032
asked May 14 at 18:31
Harold Fischer
1032
asked May 14 at 18:31
Harold Fischer
1032
1032
migrated from serverfault.com May 14 at 19:07
This question came from our site for system and network administrators.
migrated from serverfault.com May 14 at 19:07
This question came from our site for system and network administrators.
Why not just train yourself to get in the habit of locking the screen whenever you stand up to leave your desk even if only for a minute? Then one would need your password to unlock the screen, and you wouldn't need to sudo to change permissions if you ever do need to edit those files (such as to change something in vim config). Plus there are plenty of other things one could do to other files.
– dobey
May 14 at 19:47
That's understandable why would you ask that. In my case I have 5 computers running, and they all have really long passwords (i.e., I would lose 3-5 minutes every time I walked away from my desk and came back). And there are plenty of other ways people could screw up my machine even without root permissions. But I still think it would be useful to make the files read-only in case I did happen to forget to lock the screens before I walked away. If I was a bad actor, .profile and .bashrc would definitely be the first things that crossed my mind if I wanted to sabotage or try to insert bad code
– Harold Fischer
May 14 at 20:10
The repositories marked as "universe" I think, which contain 3rd party packages, and those may in some cases need to add environment variables to~/.bashrcsimply due to how they're designed.
– Sergiy Kolodyazhnyy
Jun 15 at 6:01
add a comment |Â
Why not just train yourself to get in the habit of locking the screen whenever you stand up to leave your desk even if only for a minute? Then one would need your password to unlock the screen, and you wouldn't need to sudo to change permissions if you ever do need to edit those files (such as to change something in vim config). Plus there are plenty of other things one could do to other files.
– dobey
May 14 at 19:47
That's understandable why would you ask that. In my case I have 5 computers running, and they all have really long passwords (i.e., I would lose 3-5 minutes every time I walked away from my desk and came back). And there are plenty of other ways people could screw up my machine even without root permissions. But I still think it would be useful to make the files read-only in case I did happen to forget to lock the screens before I walked away. If I was a bad actor, .profile and .bashrc would definitely be the first things that crossed my mind if I wanted to sabotage or try to insert bad code
– Harold Fischer
May 14 at 20:10
The repositories marked as "universe" I think, which contain 3rd party packages, and those may in some cases need to add environment variables to~/.bashrcsimply due to how they're designed.
– Sergiy Kolodyazhnyy
Jun 15 at 6:01
Why not just train yourself to get in the habit of locking the screen whenever you stand up to leave your desk even if only for a minute? Then one would need your password to unlock the screen, and you wouldn't need to sudo to change permissions if you ever do need to edit those files (such as to change something in vim config). Plus there are plenty of other things one could do to other files.
– dobey
May 14 at 19:47
Why not just train yourself to get in the habit of locking the screen whenever you stand up to leave your desk even if only for a minute? Then one would need your password to unlock the screen, and you wouldn't need to sudo to change permissions if you ever do need to edit those files (such as to change something in vim config). Plus there are plenty of other things one could do to other files.
– dobey
May 14 at 19:47
That's understandable why would you ask that. In my case I have 5 computers running, and they all have really long passwords (i.e., I would lose 3-5 minutes every time I walked away from my desk and came back). And there are plenty of other ways people could screw up my machine even without root permissions. But I still think it would be useful to make the files read-only in case I did happen to forget to lock the screens before I walked away. If I was a bad actor, .profile and .bashrc would definitely be the first things that crossed my mind if I wanted to sabotage or try to insert bad code
– Harold Fischer
May 14 at 20:10
That's understandable why would you ask that. In my case I have 5 computers running, and they all have really long passwords (i.e., I would lose 3-5 minutes every time I walked away from my desk and came back). And there are plenty of other ways people could screw up my machine even without root permissions. But I still think it would be useful to make the files read-only in case I did happen to forget to lock the screens before I walked away. If I was a bad actor, .profile and .bashrc would definitely be the first things that crossed my mind if I wanted to sabotage or try to insert bad code
– Harold Fischer
May 14 at 20:10
The repositories marked as "universe" I think, which contain 3rd party packages, and those may in some cases need to add environment variables to
~/.bashrc simply due to how they're designed.– Sergiy Kolodyazhnyy
Jun 15 at 6:01
The repositories marked as "universe" I think, which contain 3rd party packages, and those may in some cases need to add environment variables to
~/.bashrc simply due to how they're designed.– Sergiy Kolodyazhnyy
Jun 15 at 6:01
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
... a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
False. If your home directory is writable by you (which it likely is, and which you likely want to keep that way), anybody who can run commands as your user can delete or rename them, and create a files in their place.
That could be worked around by making it immutable, though.
That said, packages from the official repositories are not allowed to directly mess with user home directories. You're safe on that count. If you download random debs from elsewhere, they may or may not make assumptions about your home directories - there's no telling.
answered Jun 15 at 5:48
muru
129k19271461
Thank you for taking the time to point out the futility of my intent. Could I at least make sure that other users cannot read files in my home directory by runningsudo chmod -R -- o-rwx "$HOME"? It seems to work without issue, but wouldn't mind your thoughts on this.
– Harold Fischer
Jun 16 at 1:06
@HaroldFischer you could, but what's the benefit of that in this scenario, where the attacker can run commands as your user?
– muru
Jun 16 at 5:24
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
... a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
False. If your home directory is writable by you (which it likely is, and which you likely want to keep that way), anybody who can run commands as your user can delete or rename them, and create a files in their place.
That could be worked around by making it immutable, though.
That said, packages from the official repositories are not allowed to directly mess with user home directories. You're safe on that count. If you download random debs from elsewhere, they may or may not make assumptions about your home directories - there's no telling.
answered Jun 15 at 5:48
muru
129k19271461
Thank you for taking the time to point out the futility of my intent. Could I at least make sure that other users cannot read files in my home directory by runningsudo chmod -R -- o-rwx "$HOME"? It seems to work without issue, but wouldn't mind your thoughts on this.
– Harold Fischer
Jun 16 at 1:06
@HaroldFischer you could, but what's the benefit of that in this scenario, where the attacker can run commands as your user?
– muru
Jun 16 at 5:24
add a comment |Â
up vote
1
down vote
accepted
... a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
False. If your home directory is writable by you (which it likely is, and which you likely want to keep that way), anybody who can run commands as your user can delete or rename them, and create a files in their place.
That could be worked around by making it immutable, though.
That said, packages from the official repositories are not allowed to directly mess with user home directories. You're safe on that count. If you download random debs from elsewhere, they may or may not make assumptions about your home directories - there's no telling.
answered Jun 15 at 5:48
muru
129k19271461
Thank you for taking the time to point out the futility of my intent. Could I at least make sure that other users cannot read files in my home directory by runningsudo chmod -R -- o-rwx "$HOME"? It seems to work without issue, but wouldn't mind your thoughts on this.
– Harold Fischer
Jun 16 at 1:06
@HaroldFischer you could, but what's the benefit of that in this scenario, where the attacker can run commands as your user?
– muru
Jun 16 at 5:24
add a comment |Â
up vote
1
down vote
accepted
up vote
1
down vote
accepted
... a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
False. If your home directory is writable by you (which it likely is, and which you likely want to keep that way), anybody who can run commands as your user can delete or rename them, and create a files in their place.
That could be worked around by making it immutable, though.
That said, packages from the official repositories are not allowed to directly mess with user home directories. You're safe on that count. If you download random debs from elsewhere, they may or may not make assumptions about your home directories - there's no telling.
answered Jun 15 at 5:48
muru
129k19271461
... a bad actor would need my sudo user password in order to change, add or remove anything in these dot files.
False. If your home directory is writable by you (which it likely is, and which you likely want to keep that way), anybody who can run commands as your user can delete or rename them, and create a files in their place.
That could be worked around by making it immutable, though.
That said, packages from the official repositories are not allowed to directly mess with user home directories. You're safe on that count. If you download random debs from elsewhere, they may or may not make assumptions about your home directories - there's no telling.
answered Jun 15 at 5:48
muru
129k19271461
answered Jun 15 at 5:48
muru
129k19271461
answered Jun 15 at 5:48
muru
129k19271461
answered Jun 15 at 5:48
muru
129k19271461
129k19271461
Thank you for taking the time to point out the futility of my intent. Could I at least make sure that other users cannot read files in my home directory by runningsudo chmod -R -- o-rwx "$HOME"? It seems to work without issue, but wouldn't mind your thoughts on this.
– Harold Fischer
Jun 16 at 1:06
@HaroldFischer you could, but what's the benefit of that in this scenario, where the attacker can run commands as your user?
– muru
Jun 16 at 5:24
add a comment |Â
Thank you for taking the time to point out the futility of my intent. Could I at least make sure that other users cannot read files in my home directory by runningsudo chmod -R -- o-rwx "$HOME"? It seems to work without issue, but wouldn't mind your thoughts on this.
– Harold Fischer
Jun 16 at 1:06
@HaroldFischer you could, but what's the benefit of that in this scenario, where the attacker can run commands as your user?
– muru
Jun 16 at 5:24
Thank you for taking the time to point out the futility of my intent. Could I at least make sure that other users cannot read files in my home directory by running
sudo chmod -R -- o-rwx "$HOME"? It seems to work without issue, but wouldn't mind your thoughts on this.– Harold Fischer
Jun 16 at 1:06
Thank you for taking the time to point out the futility of my intent. Could I at least make sure that other users cannot read files in my home directory by running
sudo chmod -R -- o-rwx "$HOME"? It seems to work without issue, but wouldn't mind your thoughts on this.– Harold Fischer
Jun 16 at 1:06
@HaroldFischer you could, but what's the benefit of that in this scenario, where the attacker can run commands as your user?
– muru
Jun 16 at 5:24
@HaroldFischer you could, but what's the benefit of that in this scenario, where the attacker can run commands as your user?
– muru
Jun 16 at 5:24
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1036239%2fubuntu-are-there-negative-implications-for-making-dot-files-like-profile-and%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Why not just train yourself to get in the habit of locking the screen whenever you stand up to leave your desk even if only for a minute? Then one would need your password to unlock the screen, and you wouldn't need to sudo to change permissions if you ever do need to edit those files (such as to change something in vim config). Plus there are plenty of other things one could do to other files.
– dobey
May 14 at 19:47
That's understandable why would you ask that. In my case I have 5 computers running, and they all have really long passwords (i.e., I would lose 3-5 minutes every time I walked away from my desk and came back). And there are plenty of other ways people could screw up my machine even without root permissions. But I still think it would be useful to make the files read-only in case I did happen to forget to lock the screens before I walked away. If I was a bad actor, .profile and .bashrc would definitely be the first things that crossed my mind if I wanted to sabotage or try to insert bad code
– Harold Fischer
May 14 at 20:10
The repositories marked as "universe" I think, which contain 3rd party packages, and those may in some cases need to add environment variables to
~/.bashrcsimply due to how they're designed.– Sergiy Kolodyazhnyy
Jun 15 at 6:01