HPE Community
Operating System - HP-UX
1847086 Members
5411 Online
110262 Solutions
New Discussion

Generated dinamic directories

 
SOLVED
Go to solution
Dewa Negara_4
Regular Advisor

‎07-01-2004 08:21 PM

‎07-01-2004 08:21 PM

Generated dinamic directories

Hi All,

I have put this question few weeks ago, but I recall it again for further clarifications.

Because of security reasons, I want to change permission of all systems directories with 777 permission to 775 instead.

After monitoring for few days, I noticed that the 3 directories below are always changed back to 777 with unknown reasons

/var/opt/dce/rpc/local/s-0
/var/opt/dce/rpc/local/s-3
/var/spool/sockets/pwgr

I concluded the answers from this forum that those directories are generated dynamic directories, even if they are removed and system is rebooted they will get created once again. There no way to prevent them from 777 permission.

My further question :
1. what happen if any user or root accidently delete one or more files under those directories? will the system crash or user get disconnected from system?

2. what happen if those directories are accidently deleted? will the system crash or user get disconnected from system?

Pls help. High score will be given.

Thanks for your helo in advance.

Best Regards,
Negara

Santos
0 Kudos
Reply
5 REPLIES 5
Victor BERRIDGE
Honored Contributor

‎07-01-2004 08:26 PM

‎07-01-2004 08:26 PM

Solution

Re: Generated dinamic directories


Hi,
You will have to find who or what generates the directories and add an suitable umask in its environment...

All the best
Victor
Reply
Victor BERRIDGE
Honored Contributor

‎07-01-2004 08:37 PM

‎07-01-2004 08:37 PM

Re: Generated dinamic directories

I just went and see what's in /var/spool/sockets/pwgr on a box that has this directory (because I found one without...) and by the look at things there are many different owners and groups creating sockets so I would not change anything as said previously there are dynamically generated by different applications with different uid/gid.
I dont see any security reason to change anything here

All the best
Victor
Reply
T G Manikandan
Honored Contributor

‎07-01-2004 09:10 PM

‎07-01-2004 09:10 PM

Re: Generated dinamic directories

For the list you have mentioned

var/opt/dce/rpc/local/s-0
/var/opt/dce/rpc/local/s-3
/var/spool/sockets/pwgr



var/opt/dce/rpc/local/s-0
/var/opt/dce/rpc/local/s-3

the above directories have 1777 on my system and I feel that should be the right way to have the sticky bit on those directories.

If sticky bit is set only the owner or root can delete the directory.


Regarding
/var/spool/sockets/pwgr

pwgr is a password and group caching,
this would not be required on systems with minimum users.

Just disable pwgr in /etc/rc.config.d/pwgr,the value to 0


Reply
Dewa Negara_4
Regular Advisor

‎07-01-2004 09:27 PM

‎07-01-2004 09:27 PM

Re: Generated dinamic directories

Thanks all.

Can anyone pls help what might be happen if user or root delete the files under those directories?

Thanks.
Santos
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎07-01-2004 10:35 PM

‎07-01-2004 10:35 PM

Re: Generated dinamic directories

There will be various calls to the daemon thru' various libc calls.

there will be a disconnection in the connections when those socket files are removed.

As mentioned previously,removing files from pwgr directory is not going to affect much as anyway those files which are not used for 10 minutes will be automatically deleted.

For the other important directories you would definitely require sticky bit permissions on them.

I have sticky bit set on s-0 and s-3 directories
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.