Operating System - HP-UX

World Write Permission Folder

 
morganelan
Trusted Contributor

World Write Permission Folder

Hi Unix Gurus,
Why are the permissions of these folders 777? Are they right? Thanks in advance.

/opt/apache/logs
/opt/tomcat/logs
/opt/tomcat/work
/opt/netscape/dynfonts
/opt/netscape/plugins
/opt/netscape/talkback
/opt/java1.3
/opt/emc
/tmp
/usr/share/man/cat1.Z
/usr/share/man/cat1m.Z
/usr/share/man/cat2.Z
/usr/share/man/cat3.Z
/usr/share/man/cat4.Z
/usr/share/man/cat5.Z
/usr/share/man/cat6.Z
/usr/share/man/cat7.Z
/usr/share/man/cat8.Z
/usr/local
/usr/local/man
/usr/local/bin
/usr/local/etc
/usr/local/games
/usr/local/lib
/usr/emc
/usr/emc/API
/usr/emc/API/symapi
/usr/emc/API/symapi/db
/usr/emc/API/symapi/log
/usr/emc/API/symapi/config
/usr/emc/API/symapi/ldb
/usr/emc/API/symapi/ldb/profiles
/usr/emc/API/symapi/daemons
/usr/emc/API/symapi_old
/usr/emc/API/symapi_old/config
/usr/emc/API/symapi_old/db
/usr/emc/API/symapi_old/log
/usr/uagent/logs
/usr/CYEagent
/usr/ecc
/usr/ecc/exec
/usr/ecc/exec/utils
/usr/ecc/exec/utils/perl
/usr/ecc/exec/tools
/usr/ecc/exec/data
/usr/ecc/exec/esnapi
/usr/ecc/exec/MGA510/diskqueue
/usr/ecc/exec/MGA510/diskqueue/SST
/usr/ecc/exec/MHR510/diskqueue
/usr/ecc/exec/MHR510/diskqueue/SST
/usr/ecc.old
/usr/ecc.old/exec
/usr/ecc.old/exec/utils
/usr/ecc.old/exec/utils/perl
/usr/ecc.old/exec/data
/usr/ecc.old/exec/esnapi
/usr/ecc.old/exec/Master
/usr/ecc.old/exec/diskqueue
/usr/ecc.old/exec/diskqueue/SST
/usr/ecc.old/exec/diskqueue/WLA
/usr/ecc.old/exec/MHR500
/usr/ecc.old/exec/MHR500/diskqueue
/usr/ecc.old/exec/MHR500/diskqueue/SST
/usr/ecc.old/exec/MHR500/diskqueue/WLA
/var/opt/common
/var/opt/oracle
/var/tmp
/var/tmp/help
/var/tmp/precise.14511
/var/tmp/precise.14737
/var/tmp/precise.14746
/var/adm/streams
/var/spool/sockets
/var/spool/sockets/common
/var/spool/sockets/pwgr
/var/spool/sockets/ICE
/var/spool/uucppublic
/var/spool/rexd
/var/news
/var/rbootd
/var/preserve
/var/X11/Xserver/logs
/var/obam/translated
/var/tmp_test
/var/emc
/var/tmp_dupl
/var/hwe
/var/icod
/home/appmgr11/scripts
/home/yas/test
/home/dbtuner/PreciseKeys
/home/dbtuner/PreciseKeys/idrkerp1
/home/app11i/210205
/dev/screen
/dev/vg11
/dev/vg12
/dev/vg13
/dev/vg14
/dev/vgtest
Kamal Mirdad
Ranjith_5
Honored Contributor
Solution

Re: World Write Permission Folder

Hi,

Many of the HPUX folders are created with 777 permission by default during the installation. The next part is to check what your umask is, which sets the default permission for the system. It's a best practice that you set the sticky bit on all the world-writable directories, including the /tmp directory.

Install Bastille on your machine and do the scan for world-writable directories. Bastille will also create a script which will help you to set the sticky bit on all the world-writable directories.

It is also a security threat that your directories are world-writable. Bastille will also help you to set up security on your system.

See the installation procedure here.
http://h20293.www2.hp.com/portal/swdepot/displayInstallInfo.do?productNumber=B6849AA

You can download bastille from the following link.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA


Regards,
Syam
Steven E. Protter
Exalted Contributor

Re: World Write Permission Folder

There is no good reason for most of that stuff being 777 except for laziness on behalf of programmers and possibly umask issues.

I recommend running Bastille on this system. It has a nice tool for cleaning these problems up en masse.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bill Hassell
Honored Contributor

Re: World Write Permission Folder

A lot of the bad permissions (777 is almost always a bad thing) are probably due to root not having a umask (i.e., umask = 000). Your /dev volume groups should be 750 or even 700. /home directories are the responsibility of the user, but like root, they may not have umask set (a very common problem because umask is not set in /etc/profile by default). /home will have to be cleaned up one item at a time.

/var needs help, only /var/tmp should be 777 (actually, 1777). The rest of the directories need to be cleaned up. /usr needs a *lot* of work. /usr/local directories have been wrong for about 15 years (s/be 755).

Now the /usr/share/man directories need an explanation: You can change from 777 to 755 but then formatting of man pages will always be done. If the permissions are 777, each man page is formatted once when read and you avoid the wait for formatting to take place.

It is important to make note of the permission changes so if a problem develops, you'll be able to fix it correctly.


Bill Hassell, sysadmin
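
The scan, the sticky-bit fix, the note-keeping and the umask effect discussed in the replies above, as an added example that is not part of the thread and is not Bastille's generated script. The function names and the demo tree are made up for illustration; only find, ls, chmod, mkdir and cut are assumed.

```shell
#!/bin/sh
# Added example; function names and the demo tree are constructed.

# Print world-writable directories under $1 that lack the sticky bit.
# -perm -0002: "other" write bit set; ! -perm -1000: sticky bit not set.
find_ww_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Read directory names on stdin; append each one's current 'ls -ld' line
# to log file $1 (the record of the old mode), then apply chmod mode $2.
fix_dirs() {
    log=$1; mode=$2
    while IFS= read -r d; do
        ls -ld "$d" >> "$log" && chmod "$mode" "$d"
    done
}

# Create a directory in $2 under umask $1 and print its permission string,
# showing why an unset umask (000) leaves new directories at 777.
mode_under_umask() {
    ( umask "$1"; mkdir "$2/um.$1" && ls -ld "$2/um.$1" | cut -c1-10 )
}

# Demo on a constructed tree, not on real system paths.
t=${TMPDIR:-/tmp}/wwdemo.$$
mkdir -m 700 "$t" && mkdir "$t/logs" "$t/scratch" "$t/bin"
chmod 777 "$t/logs"; chmod 1777 "$t/scratch"; chmod 755 "$t/bin"

echo "world-writable, no sticky bit:"; find_ww_dirs "$t"
find_ww_dirs "$t" | fix_dirs "$t/perm-changes.log" +t
echo "recorded before change:";        cat "$t/perm-changes.log"
echo "still flagged after chmod +t:";  find_ww_dirs "$t"
echo "umask 000 -> $(mode_under_umask 000 "$t")"
echo "umask 022 -> $(mode_under_umask 022 "$t")"
rm -rf "$t"
```

`fix_dirs` takes any chmod mode, so `755` can be passed instead of `+t` for directories that should not be world-writable at all.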
morganelan
Trusted Contributor

Re: World Write Permission Folder

Thanks all of you ...
Kamal Mirdad