- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Restricting owner permissions for software depots
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2001 03:05 AM
11-16-2001 03:05 AM
My question is, is how can I stop the developer doing something like the following in the PSF file:
file_permissions -o root -m 4555
file /usr/bin/sh=/tmp/myrootshell
Or is the only way to do a wrapper script to lock the PSF file into one that they can't alter?
Thanks
dave
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2001 03:39 AM
11-16-2001 03:39 AM
Re: Restricting owner permissions for software depots
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2001 04:03 AM
11-16-2001 04:03 AM
Re: Restricting owner permissions for software depots
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2001 05:57 AM
11-16-2001 05:57 AM
Re: Restricting owner permissions for software depots
Write a script to "browse" their package to ensure that they haven't done such. Also, if they have root on their development machine and they chmod 7555 on ksh and put it into their package, then it will come over with 7555 without the file_permission attribute.
You could easily set a policy regarding "packages" and anyone found "cheating" will be reprimanded. Before an install do this:
find / \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \; >/tmp/pre_modes
then after the install do this:
find / \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \; >/tmp/post_modes
diff /tmp/pre_modes /tmp/post_modes
If there are differences that are not documented, then act on it.
There are legitimate reasons for having files set with root ownership and/or setuid/gid. If it's not documented that this will occur, then again act on it.
live free or die
harry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2001 09:10 AM
11-16-2001 09:10 AM
Re: Restricting owner permissions for software depots
I'll just have to strictly control the PSF - doing a tripwire scan of all important files will be too time consuming after every package install! (Not just checking for suid files as they could do much much worse!)
dave
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2001 09:49 AM