Copying and Linux Permissions

Last time I wrote about using the --reference flag for quickly replicating various aspects of permissions in Linux. Today’s post is how to copy files and retain various attributes, like permissions, ownership, and SELinux context. First, a little background on how permissions are set when copying. How Permissions are Set When Moving Files Or Why the Heck Do Permissions Change with Copying?! So you’ve noticed that when using the mv command permissions will stay the same, but using cp changes then. What’s going on here? Turns out this actually makes a lot of sense. In *nix, permissions are set based...

Cloning Linux Permissions

Ever have that moment where you’re working on your SELinux enabled webserver and you’ve put in a fancy new file into /var/www/html and the darn thing just won’t show up properly, even though everything else is working? Then that sinking realization that you have to deal with three different aspects of troubleshooting permissions - ownership, Unix file permissions and SELinux permissions? Turns out, as long as you have at least one file around that already has the correct owner, permissions and SELinux contexts you can rapidly clone everything with the --reference flag - a trick that took me way too...

Evaluating Project Metrics

Overview A metric is, roughly speaking, a mechanism to collect data on something. For our purposes, a metric is a mechanism to gather data about how well some aspect of a software project is working, in order to provide feedback that can be used to improve the project or the management of the project. Value of Metrics An important thing to consider is the value of metrics - a metric implemented without a specific goal in mind is just going to waste time, which will make your metric overall start to show that you are doing poorly. With this in...

HSDIMUL Project Health Metric

Recently I have been looking into how to track overall improvement in a code-base due to the introduction and continued use of testing. There are a number of metrics that are already defined, ranging from fairly complex ones that can measure quality across multiple projects in a large company, to metrics suited for a single-developer product. That being said, I haven’t run across any that I liked for my situation. To overcome this, I came up with the How Stupid Did It Make Us Look (HSDIMUL) metric. The Requirements First let’s look at the requirements I have for a test...

Recommendations for a Security Education

Perodically I’ll get asked for recommendations for good resources to get started learning about information security. I’ve written reviews on a number of books, and on a handful of other sources, so I thought I’d collect together some of those, as well as make some new recommendations. Most of these recommendations come from the perspective of someone more on the development side of security than IT. I’ve sorted things out into two broad categories -sources that can provide you with an underpinning for a security education, and sources that are good for on-going education (keeping up with news or learning...