HPE Community
Operating System - HP-UX
1832666 Members
3099 Online
110043 Solutions
New Discussion

Re: world-writable files owned by root

 
SOLVED
Go to solution
Elena Leontieva
Esteemed Contributor

‎09-28-2005 07:02 AM

‎09-28-2005 07:02 AM

world-writable files owned by root

Hello,

Can I remove write access for the 'other' without causing any problems for the files in: /usr/share/man/cat* and /usr/dt/share/man/cat* and any other man pages files on the system?

Thank you,
Elena.
0 Kudos
Reply
5 REPLIES 5
Rick Garland
Honored Contributor

‎09-28-2005 07:09 AM

‎09-28-2005 07:09 AM

Re: world-writable files owned by root

I do not have any world write files under /usr/dt/share/*
0 Kudos
Reply
Pat Lieberg
Valued Contributor

‎09-28-2005 07:12 AM

‎09-28-2005 07:12 AM

Re: world-writable files owned by root

I've done that on my local workstation (at least to the man pages) and not had any problems. I have yet to do this to a production server, though.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎09-28-2005 07:12 AM

‎09-28-2005 07:12 AM

Solution

Re: world-writable files owned by root

These files actually do no harm despite what your security auditors tell you. The files in the 'cat' directories are actually derived from their counterparts in the 'man' directories. For example when 'man ls' is executed, the man command first looks in the 'cat1.Z' directory to see if there is already a file, if not, it looks in the 'man1.Z' directory, uncompresses it and then runs the file through m4 for formatting. The file is then displayed and the formatted fiole is compressed and stored in the 'cat1.Z' directory. These files must be world writable so that they can up updated by any user running man. Rather than changing the permissions on the 'cat' directories, I would delete the files and change the permissions on the 'cat' directories to 000. That way, the files will never be created although there will be a slight loss in the speed at which man display files as it will now have to format every man page. Again, the best advice is to ignore them as no harm is done unless someone malicously changes a man page and instructs you to use the 'rm' command, for example, with the '*' option.
If it ain't broke, I can fix that.
Reply
baiju_3
Esteemed Contributor

‎09-28-2005 07:25 AM

‎09-28-2005 07:25 AM

Re: world-writable files owned by root

Yes you can , auditors are always concerend about these man files.

We run wwp remove scripts for all man pages .It does not affect any thing .

Thanks,
BL.
Good things Just Got better (Plz,not stolen from advertisement -:) )
Reply
Arunvijai_4
Honored Contributor

‎09-28-2005 04:33 PM

‎09-28-2005 04:33 PM

Re: world-writable files owned by root

Yes, You can do that without any troubles. As far as i am concerned, it wont affect anything.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.