Summary:Solaris 2.6 Group Write Permissions

Mark_Conroy@em.fcnbd.com
Fri, 26 Sep 1997 08:24:26 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Derko Drukker: "SUMMARY: SZ-field in ps -elf and related next question"
Previous message: Craig Faasen: "SUMMARY: Off topic: Sun-Nets"

Thanks to all who responded. The couple of responses I received
indicated that the directories should not be group writable, but the
members of the group pose no real security threat.

Another response was to point me to a script that will change the
permissions of many files. This will be somthing worth looking into.

Thanks again to:

Michael Hill
Casper Dik

The following are their responses:

There shouldn't be any problem doing so. But only the root, bin, sys,
and adm accounts are in the group sys by default; the first should be
tightly controlled, obviously, and the latter three shouldn't ever be
logged into anyway. So unless you're handing out membership in group
sys, it's not likely to be much of a security breach to have these
group-writable. Having /dev/*mem and /dev/*dsk/c?t* (i.e. memory and
the disk devices) readable by group sys is much more likely to be a
problem if there were users in that group.

--
--Michael

There's no reason for them to be group writable.

Sun really ought to fix the permissions of those files; but it's been
an uphill battle from within.

There's some software I wrote to do thsi automatically:

ftp.wins.uva.nl:/pub/solaris/auto-install/*

the tar.gz file contains a script and a program that fixes ownership
and permissions to mroe sane values.

It creates an undo file so you can undo it if it breaks anything. By
using my program, patches can still be applied.

Casper

Next message: Derko Drukker: "SUMMARY: SZ-field in ps -elf and related next question"
Previous message: Craig Faasen: "SUMMARY: Off topic: Sun-Nets"