
permission for the HP-UX file system

 
Toscanini Montaño
Occasional Advisor


Hi all,


Can I remove the write access for the "other" in the (/tmp /var /etc /opt) files without breaking the system operation??

Thanks Toscanini.
IT_2007
Honored Contributor
Solution

Re: permission for the HP-UX file system

It depends on how your system is configured for applications.

Better to take a backup and change one at a time.

/etc is static
/opt is static
/var is dynamic
/tmp is dynamic -- you can set the sticky bit (1777)
Jaime Bolanos Rojas.
Honored Contributor

Re: permission for the HP-UX file system

Toscanini!

That will depend on the file that you are talking about. If you want to take away all of the write permission for other in all of the files under that directory, I would sure expect something to work right on the system.

Regards,

Jaime.
Work hard when the need comes out.
Jaime Bolanos Rojas.
Honored Contributor

Re: permission for the HP-UX file system

Toscanini!

That will depend on the file that you are talking about. If you want to take away all of the write permission for other in all of the files under that directory, I would sure expect something No to work right on the system. Sorry, I missed the NO part.

Regards,

Jaime.
Work hard when the need comes out.
Patrick Wallek
Honored Contributor

Re: permission for the HP-UX file system

You most definitely should remove write access for other for /var, /etc and /opt.

/tmp should be changed to 1777 permission (rwxrwxrwt).

Here is a sample listing of those directories from one of my machines:

dr-xr-xr-x 30 bin bin 8192 Sep 8 11:10 /etc
dr-xr-xr-x 51 bin bin 8192 Jan 20 2004 /opt
dr-xr-xr-x 29 bin bin 8192 Oct 3 2005 /var
Toscanini Montaño
Occasional Advisor

Re: permission for the HP-UX file system

Thanks all for your support.
Bill Hassell
Honored Contributor

Re: permission for the HP-UX file system

The permissions supplied by HP are correct for proper security so I would first run swverify to look at all the HP-UX directories. It is standard security practice to search for world-writable directories and files. However, some directories and files should remain world writable. An example is the man page files in /usr/share/man/*

Now /tmp and /var/tmp must remain world-writable as many applications depend on these two directories for accessibility. By definition, they are temporary so the content should not be assumed to be stable. For both /var/tmp (not /var) and /tmp, the correct permission is 777 but may be extended to 1777 to prevent accidental removal of files by non-owners.

As far as /opt /etc /dev /sbin /usr /home (and others), do not change them from their secure values (755 or perhaps 775). Subdirectories (and files) within these system directories should also be secured but be sure to check before changing. The swverify list will be a great help.


Bill Hassell, sysadmin
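
The search for world-writable directories and files mentioned in the last reply, as an added sketch that is not part of the original thread. It only reports, so each hit can be checked (for example against the swverify results) before anything is changed; the function names and the script name are hypothetical, and it assumes a find that supports the POSIX `-perm` and `-xdev` options.

```shell
#!/bin/sh
# Added example: report world-writable entries for review before any chmod.
# Function names are hypothetical, not from the thread or from HP-UX.

# World-writable directories WITHOUT the sticky bit: any user can delete
# or rename other users' files inside them.
ww_dirs_no_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# World-writable regular files.
ww_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# True when a temporary directory such as /tmp or /var/tmp is
# world-writable with the sticky bit set (all bits of 1777 present).
is_sticky_tmp() {
    [ -n "$(find "$1" -prune -type d -perm -1777 -print 2>/dev/null)" ]
}

# Audit every tree given as an argument.
# Prints one finding per line; returns 1 if anything was reported.
audit() {
    status=0
    for root in "$@"; do
        dirs=$(ww_dirs_no_sticky "$root")
        files=$(ww_files "$root")
        if [ -n "$dirs" ]; then
            printf '%s\n' "$dirs" | sed 's/^/DIR-NO-STICKY /'
            status=1
        fi
        if [ -n "$files" ]; then
            printf '%s\n' "$files" | sed 's/^/FILE /'
            status=1
        fi
    done
    return "$status"
}

# Stand-alone use (script name is a placeholder): sh ww_audit.sh /etc /opt /var
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Sticky world-writable directories such as a 1777 /tmp are deliberately not reported; `is_sticky_tmp /tmp` and `is_sticky_tmp /var/tmp` confirm that setting separately.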