HPE Community
Operating System - HP-UX
1843258 Members
4750 Online
110214 Solutions
New Discussion

doing permission changes for the users

 
SOLVED
Go to solution
Elena Leontieva
Esteemed Contributor

‎10-31-2005 04:06 AM

‎10-31-2005 04:06 AM

doing permission changes for the users

Hello,

Working on security remediation I asked all users on the system to remove world-writable permissions on the files/directories they own or justify the need for ww. Some of them being lazy want me as 'root' to do the changes for them. I do not think I should do that. What is your opinion?

Thanks,
Elena.
0 Kudos
Reply
4 REPLIES 4
A. Clay Stephenson
Acclaimed Contributor

‎10-31-2005 04:09 AM

‎10-31-2005 04:09 AM

Re: doing permission changes for the users

Because security is ultimately your responsibility, you should have already had scripts in place that periodically scan your systems and change the mode of the files. My scripts also use a "do_not_change" list to exclude specific files.

If it ain't broke, I can fix that.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎10-31-2005 04:10 AM

‎10-31-2005 04:10 AM

Solution

Re: doing permission changes for the users

If you asked them to do the changes or provide justification, and they haven't, then by all means make the changes yourself. I would provide the users with a deadline, and if they don't respond then take away the world-write permission.

You are right in that you *shouldn't* have to do this yourself, but system security is ultimately your responsibility as the admin.

Reply
Victor BERRIDGE
Honored Contributor

‎10-31-2005 04:12 AM

‎10-31-2005 04:12 AM

Re: doing permission changes for the users

Hi Elena,

I would mofify those lazy users profile by adding a adequate umask!


All the best
Victor
Reply
Rick Garland
Honored Contributor

‎10-31-2005 04:45 AM

‎10-31-2005 04:45 AM

Re: doing permission changes for the users

Security is the Admin's responsibility. The Admin has the tools to make the umask, to modify anyone's settings, etc.

You as the security officer for the system need to educate the users to hopefully get some assistance from them.

But the last line of defense is you.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.