HPE Community
Operating System - HP-UX
1826382 Members
4216 Online
109692 Solutions
New Discussion

Re: /etc/useracct/utmpd_read, why world writable?

 
SOLVED
Go to solution
Carl Cloutier
Advisor

‎08-06-2008 08:48 AM

‎08-06-2008 08:48 AM

/etc/useracct/utmpd_read, why world writable?

Hello,

I am getting a security audit violation for having world writable permissions on the /etc/useracct/utmpd_read file. Does this file have to be world writable and if so why?

Thank you,
Carl
When in doubt, gas it!
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎08-06-2008 09:33 AM

‎08-06-2008 09:33 AM

Re: /etc/useracct/utmpd_read, why world writable?

Shalom Carl,

Strange day for me. Lots of stuff I never saw before.

I'm not familiar with this file. I'm not even sure its a part of HP-UX.

Can you do a uname -a and let us know what version of the OS this is and what security enhancements you have installed?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎08-06-2008 09:39 AM

‎08-06-2008 09:39 AM

Re: /etc/useracct/utmpd_read, why world writable?

Hi Carl:

Since this file and its companions are part of the accounting for currently logged-in users, I think that the audit isn't context-sensitive". Stated differently, the audit may be overly paranoid.

http://docs.hp.com/en/B3921-60631/utmpd.1M.html

I would suspect that the 'umask' setting at the time accounting is enabled may be too lax.

Regards!

...JRF...
0 Kudos
Reply
TTr
Honored Contributor

‎08-06-2008 09:56 AM

‎08-06-2008 09:56 AM

Solution

Re: /etc/useracct/utmpd_read, why world writable?

That file is not a regular file, it is a socket. Typically sockets are world writable and if you search in the system for more sockets (find / -type s -exec ll {} \;) you will find that most sockets are world writable. I can't tell what will happen if you change the permissions.
Every socket file is used by two or more processes. If these processes are owned by the socket owner/group they should be able to use the socket if you take away the world write access.
Reply
Carl Cloutier
Advisor

‎08-07-2008 11:06 AM

‎08-07-2008 11:06 AM

Re: /etc/useracct/utmpd_read, why world writable?

Thank you everyone for your replies. TTr, thank you for pointing out that the file is a socket. I overlooked that fact. I will likely push for an exception for this file from the security violation.
When in doubt, gas it!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.