I think you are still learning… What you say doesn’t make sense, so I think you may have misunderstood what happened.
Comment on My stupidity saved me from being hacked today!
haui_lemmy@lemmy.giftedmc.com 9 months ago
There was an option that I had enabled years before and forgotten so yes, I didn’t know but it was, on some obscure port.
And yes, pihole in docker makes its files be 777 which is pretty disgusting, I know. That’s why I tried to make it 700 and broke my whole network.
1984@lemmy.today 9 months ago
haui_lemmy@lemmy.giftedmc.com 9 months ago
Imo we are all constantly learning. Otherwise we stagnate. What I say makes perfect sense, you just don’t get it. So let me explain it again, in more detail:
I was going through my docker compose files to sanitize them and upload them to my private forgejo instance.
While doing that I found a directory in my filesystem, a remnant of the early days of my server where my knowledge was severely more limited, that was a docker volume mapped to a regular directory, something I wouldn’t do today for something like this.
It was owned by root:root and had 777 permissions which is a bad idea imo. So I changed it to 700 since I don’t think I had any other users in group root and others, well.
Nothing bad happened, until today when my unattended backups triggered a restart at noon and the tragedy started. I put it back for now to 777 but I’ll try and integrate it in a real docker volume which resides in the docker folders.
Auli@lemmy.ca 9 months ago
Well I’m running Pi-hole in docker and don’t have 777 on anything.
haui_lemmy@lemmy.giftedmc.com 9 months ago
Good for you. What permissions do you have on etc/dnsmasq.d if I may ask?
lungdart@lemmy.ca 9 months ago
Doubt. You probably need to set the file owners in your volume to the same user running in the container.
haui_lemmy@lemmy.giftedmc.com 9 months ago
You can doubt all you want. I changed it from 777 to 700 and back again because it broke. Couldn’t find the user in the container immediately. Will probably just migrate it to a volume and be done with it.
prettybunnys@sh.itjust.works 9 months ago
So we’ve poked a hole in your knowledge here unless this super popular open source software really requires 777 on those files and everyone has collectively just been ok with it.
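
An added example, not part of the thread or any commenter's code: a shell script for the ownership check suggested above. Given a bind-mounted directory and the numeric UID/GID the container process runs as, it reports which permission class applies, whether the current mode locks that user out, and which entries are world-writable. It assumes a Linux host with GNU or BusyBox `stat` and `find`, no user-namespace remapping or ACLs, and ignores supplementary groups; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a bind-mounted directory before tightening its mode.
# Assumptions: Linux host, GNU/BusyBox stat and find, no userns remapping,
# no ACLs, supplementary groups ignored. Function names are hypothetical.

# perm_class DIR UID GID: print which mode triplet applies to that UID/GID.
perm_class() {
    if [ "$2" -eq "$(stat -c '%u' "$1")" ]; then echo owner
    elif [ "$3" -eq "$(stat -c '%g' "$1")" ]; then echo group
    else echo other
    fi
}

# can_use_dir DIR UID GID: succeed if that UID/GID has rwx on DIR.
can_use_dir() {
    [ "$2" -eq 0 ] && return 0        # root with default capabilities bypasses mode bits
    bits=$(( 0$(stat -c '%a' "$1") )) # read the mode as octal, e.g. 0700 or 0777
    case $(perm_class "$1" "$2" "$3") in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        *)     shift_by=0 ;;
    esac
    [ $(( (bits >> shift_by) & 7 )) -eq 7 ]
}

# world_writable DIR: list entries any local user can modify (symlinks skipped).
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Usage: sh audit.sh DIR CONTAINER_UID CONTAINER_GID
if [ "$#" -eq 3 ]; then
    echo "class applied to $2:$3 -> $(perm_class "$1" "$2" "$3")"
    if can_use_dir "$1" "$2" "$3"; then
        echo "uid $2 has rwx on $1 with the current mode"
    else
        echo "uid $2 is locked out; a 700 setup needs: chown $2:$3 $1 && chmod 700 $1"
    fi
    world_writable "$1" | sed 's/^/world-writable: /'
fi
```
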