Operating System - HP-UX
1834163 Members
2600 Online
110064 Solutions
New Discussion

swapinfo allowed for only root usage?

 
SOLVED
Go to solution
Dan Taylor_3
New Member

swapinfo allowed for only root usage?

Can anyone think of a reason why I would not want to change the permissions on swapinfo so anyone can execute it?

swapon is set right now to:
bin:bin 555 /usr/sbin/swapon

swapingo is set to:
bin:bin 544 /usr/sbin/swapinfo

Is there any security threats to this configuration? Should I reverse the permissions on these two important executables?

Thank you in advance for any help,
Dan Taylor
5 REPLIES 5
S.K. Chan
Honored Contributor

Re: swapinfo allowed for only root usage?

No, in my opinion if swapon can be 555, don't see why not swapinfo. Security threats, not that I know. Otherwise out security-guru would come and breathe down my neck for changing swapinfo to 555.
Charles McCary
Valued Contributor

Re: swapinfo allowed for only root usage?

I don't see this as a problem (security or system).

tx,
c
MANOJ SRIVASTAVA
Honored Contributor
Solution

Re: swapinfo allowed for only root usage?

Hi Dan

I think after you change the permissions , put swapinfo in the path or just append /usr/sbin in the path of the user ., or run /usr/sbin/swapinfo . It runs fine like that.

There should be no security threats as this is just to know the information of the swap stage , other wise I ahve attached a c script which calcutates the memory details at any point of time , you can just compile the same and put it in the /usr/bin so that anyone can excute it . The o/p of this script is like this

Memory Stat total used avail %used
physical 4096.0 3234.0 862.0 79%
active virtual 1128.8 876.9 251.9 78%
active real 1169.8 732.3 437.5 63%
memory swap 3141.0 1016.0 2125.0 32%
device swap 8048.0 2133.9 5914.1 27%


All the best

Manoj Srivastava
Victor_5
Trusted Contributor

Re: swapinfo allowed for only root usage?

I don't think it is a security hole for system.

David Burgess
Esteemed Contributor

Re: swapinfo allowed for only root usage?

I wrote a menu system for our DBA's. One of the options was to run swapinfo -t. Only I could run it as root. I placed a call with the response centre for changing the permissions on swapinfo. I was told to leave it alone as it was a security risk. Unfortunately I Can't remember why.
It's probably worth placing a call and having them search for it.

Regards,

Dave.