HPE Community
Operating System - HP-UX
1829598 Members
1718 Online
109992 Solutions
New Discussion

Permissions under /tcb/files/auth

 
SOLVED
Go to solution
Zigor Buruaga
Esteemed Contributor

‎09-30-2004 06:02 AM

‎09-30-2004 06:02 AM

Permissions under /tcb/files/auth

Hi experts,

OS: Hp-UX 11.00 & 11.11

Following the HPUXBenchmark security policies, I have changed the permissions under "/tcb/files/auth/" to 700. However, each time a user log on ( i.e. "user1", its security file has again the old permissions 644, "/tcb/files/auth/u/user1" ).
I'm sure that I'm missing something here, any help would be highly appreciated.

Thanks in advance.
Best regards,
Zigor
0 Kudos
Reply
8 REPLIES 8
Zigor Buruaga
Esteemed Contributor

‎09-30-2004 06:08 AM

‎09-30-2004 06:08 AM

Re: Permissions under /tcb/files/auth

Hi again,

Little mistake, the user security file has again the old permissions 664, not 644.

Thanks!
Best regards,
Zigor
0 Kudos
Reply
Prashant Zanwar_4
Respected Contributor

‎09-30-2004 06:46 AM

‎09-30-2004 06:46 AM

Re: Permissions under /tcb/files/auth

Even I have the following in my setup. I believe

# ls -ld $PWD
drwxrwx--x 55 root sys 1024 Mar 19 2004 /tcb/files/auth

/tcb/files/auth/pzanwar not found
# ls -ld $PWD/p/pzanwar
-rw-rw-r-- 1 root root 211 Sep 30 13:44 /tcb/files/auth/p/pzanwar

# ls -ld /tcb
dr-xr-x--x 3 root sys 96 Mar 19 2004 /tcb


I believe at the tcb level it is taken care. Hope this helps
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎09-30-2004 09:39 AM

‎09-30-2004 09:39 AM

Solution

Re: Permissions under /tcb/files/auth

No way to get around that, that I know of. I look at the HPUX Benchmark stuff at one point and was not terribly impressed. They recommended setting permissions on lots of files the either 1) don't work (like /tcb), or 2) just flat don't make sense.

Reply
Victor BERRIDGE
Honored Contributor

‎09-30-2004 10:08 AM

‎09-30-2004 10:08 AM

Re: Permissions under /tcb/files/auth

I agree with Patrick,
2) e.g. what is the point for posssible security breach to change /usr/sbin/swapinfo permissions if you can cp /usr/sbin/swapinfo to you home directory and execute it?


All teh best
Victor

Reply
Zigor Buruaga
Esteemed Contributor

‎09-30-2004 04:02 PM

‎09-30-2004 04:02 PM

Re: Permissions under /tcb/files/auth

Hi again,

OK, "strange" recommendations then ...
Thanks for all the answers.

Best regards,
Zigor
0 Kudos
Reply
Chris Calabrese
Valued Contributor

‎10-04-2004 07:03 AM

‎10-04-2004 07:03 AM

Re: Permissions under /tcb/files/auth

It definitely does not make sense to chmod files in /tcb/files/auth when the system keeps changing them back.

And that's why we've eliminated in the upcoming revision of the CIS HP-UX benchmark.

This is just one of many changes due to feedback from the community.

There are also some other changes to reflect feature-changes in the latest HP-UX releases and in add-on the packages for HP-UX (like HP's new Security Patch Check version).

We're just finishing up work on the new version, but it's never too late to send your feedback/wishlist to me at chris_calabrese@yahoo.com.


As for /usr/bin/swapinfo, I'm having a hard time finding reference to that file in any of the HP-UX Benchmark versions that CIS has published. Victor, can you provide me with additional details?

Thanks.

--
Chris Calabrese
Center for Internet Security
HP-UX Benchmark Editor
chris_calabrese@yahoo.com
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
Reply
Zigor Buruaga
Esteemed Contributor

‎10-05-2004 06:23 AM

‎10-05-2004 06:23 AM

Re: Permissions under /tcb/files/auth

Hi,

Thanks for your answer Chris.
I will let this thread open, so who wants can give you more feedback about this matter also in this site. The experts are here.

Thanks again to all.
Best regards,
Zigor
0 Kudos
Reply
Herman Chim_2
New Member

‎10-15-2007 05:12 AM

‎10-15-2007 05:12 AM

Re: Permissions under /tcb/files/auth

Hi,

In HP-UX 11.23 & 11.31, system still changes the permission back to 664. Our auditor wants to confirm if the settings is appropriate. Is there a way to avoid the permission change?

Thanks,
Herman
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.