Just a note about system security. Every file *and* directory that is world writable cannot be trusted! The hacker's favority tool is the ability to change ordinary files into something else and for this, all that is needed is write permission to the directory or file. 666 and 777 are VERY bad permissions and when discovered, the affected files and directories should be carefully examined for content. The exceptions are /tmp and /var/tmp which must be 777 but more appropriately, 1777 (which requires the owner in order to delete or rename an entry in the directory).
The most common causes for bad permissions are:
- some process complains about permissions and a bunch of files are changed to 777 in hopes of solving the problem. Usually, it doesn't but the permissions are left open anyway.
- umask has never been set. This is an absolute requirement for every Unix system and must be set for every user as: umask 077 or slightly less secure, umask 022. Make sure umask is set in /etc/profile and /etc/csh.login
Bill Hassell, sysadmin
