Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to find root owned world writable files?
Top Forums UNIX for Dummies Questions & Answers How to find root owned world writable files? Post 302461446 by pinga123 on Monday 11th of October 2010 08:07:12 AM
Old 10-11-2010
Quote:
Originally Posted by methyl
Please post the exact complete and total statement from your stated source and state the exact and complete and total list of relevant software you are running in this context and describe in exact and complete and total detail regarding which software is under the spotlight in today's "server hardening" exercise.

Please, please, please do not relay your own understanding of this issue but the complete and total detail of this issue.
Can you please elaborate in simple statement?Which software you are talking about.

I m doing linux server hardening regardless of any document but online stuff.
As i m new to linux i m posting it under linux newbie section.Please give me some time to fully understand the environment.
However as you can see i have done something to make it work and here just evaluating whether it is correct or not?

---------- Post updated at 07:07 AM ---------- Previous update was at 07:04 AM ----------
Quote:
Originally Posted by thegeek
Frame the find command, as u require.

Code:
find

Everywhere

Code:
/

Only directories ( if both files dont mention )

Code:
-type d

root owned files

Code:
-user root

permission bits

Code:
-o=w

Thanks that was very helpful i will keep this in mind.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Perl CGI to access / edit "root" owned config files

I am trying to write a CGI program which accesses UNIX configuration files and changes them as required. The thing is, I don't want the CGI program to be "root" owned - it's Perl based! Is there any way that the Perl CGI program can request a username and password - and then use this to... (1 Reply)
Discussion started by: WIntellect
1 Replies

2. AIX

How to find world writable files? (AIX)

Hi Group, Could someone tell me how to find world writable files on my server? I can use find command in conjuction with -perm option and I will get an output. But what I need is an output which looks similar to ls -l output. Meaning, it should give me the full path of the file along with the... (1 Reply)
Discussion started by: matifr
1 Replies

3. UNIX for Dummies Questions & Answers

How do i find out the list of users whose terminal is writable?

Hello, i just wanted to know how do i find out the list of users whose terminal is writable?i mean i used who -T but this gives a list of all users whose terminal is writable or blocked and not writable. So how do i do this?I am new to Unix. (2 Replies)
Discussion started by: salman4u
2 Replies

4. UNIX for Dummies Questions & Answers

user able to delete directory owned by root

I've tried to figure this out. I'm only about 6 mos into my AIX admin duties, but I've got a "security" problem I can't figure out. I've created a sub directory as follows: drwx------ 2 root system 256 Apr 13 16:02 mike I've logged in another session with the following user: $ id... (2 Replies)
Discussion started by: mpheine
2 Replies

5. UNIX for Dummies Questions & Answers

find directories owned by a given user

Hi, I want to know if the is a way I can list the directories owned by a given user. Say i am logged in as that user. I found out the find command lists the files owned by a certain user/group but i want to know only the directories and if possible the permissions associated with these... (6 Replies)
Discussion started by: poojabhat
6 Replies

6. AIX

AIX 5.x OpenSSH choot and non-root owned

Good day. I was looking at implementing a chroot environment using openssh. I know I can use the sshd_config file and dictate that it is to use chroot for a specific directory for a user/group. However, the issue with this is that it is has to be root owned. To my knowledge, there is no mount... (0 Replies)
Discussion started by: smurphy_it
0 Replies

7. AIX

find command to list all the 777 files and directories owned by root user

Hi I'm logged in to an AIX box now and we need to do an audit on this box. cbssapr01:# pwd / Which command will show all the files and directories owned by root user with permissions as 777 ? (8 Replies)
Discussion started by: newtoaixos
8 Replies

8. UNIX for Dummies Questions & Answers

Read authorization for everybody on sub-directory owned by root

Hello. On my family laptop, I have a directory named /local. It is owned by root. I want to create a sub-directory named documents ( /local/documents ). I want to exclude exec for every body in that directory I want every authenticated linux user can create a sub directory ( ie :... (7 Replies)
Discussion started by: jcdole
7 Replies

9. Shell Programming and Scripting

World writable home dirs

what is wrong with this script? I get: ./perm.sh: command substitution: line 21: unexpected EOF while looking for matching `"' ./perm.sh: command substitution: line 22: syntax error: unexpected end of file Script: #!/bin/bash for dir in `/bin/cat /etc/passwd | /bin/egrep -v... (4 Replies)
Discussion started by: greenja9
4 Replies

10. Ubuntu

Create zip file from root owned fstab

I want to zip up my fstab file for backup purposes. This does not work because of permission issues. cd /etc/ zip -u fstab.zip fstab Can I use this with zip? echo xxx | sudo -S or change fstab owner to me? (3 Replies)
Discussion started by: drew77
3 Replies

LEARN ABOUT DEBIAN

gsexec

GSEXEC(8)							  GridSite Manual							 GSEXEC(8)

NAME

       gsexec - Switch user before executing external programs

SYNOPSIS

       gsexec [-V]

SUMMARY

       gsexec  is used by the Apache HTTP Server to switch to another user before executing CGI programs. In order to achieve this, it must run as
       root.  Since the HTTP daemon normally doesn't run as root, the gsexec executable needs the setuid bit set and must be  owned  by  root.	It
       should never be writable for any other person than root.

       gsexec  is  based  on Apache's suexec, and its behaviour is controlled with the Apache configuration file directives GridSiteExecMethod and
       GridSiteUserGroup added to Apache by mod_gridsite(8) Four execution methods are supported: nosetuid,  suexec,  X509DN  and  directory,  and
       these may be set on a per-directory basis within the Apache configuration file.

NOSETUID METHOD

       This is the default behaviour, but can also be produced by giving GridSiteExecMethod nosetuid

       CGI  programs will then be executed without using gsexec, and will run as the Unix user given by the User and Group Apache directives (nor-
       mally apache.apache on Red Hat derived systems.)

SUEXEC METHOD

       If GridSiteExecMethod suexec is given for this virtual host or directory, then CGI programs will be executed using the user and group given
       by  the	GridSiteUserGroup  user  group directive, which may also be set on a per-directory basis (unlike suexec's SuexecUserGroup which is
       per-server only.) The CGI program must either be owned by root, the  Apache  user  and  group  specified  at  gsexec  build-time  (normally
       apache.apache) or by the user and group given with the GridSiteUserGroup directive.

X509DN METHOD
       If  GridSiteExecMethod  X509DN is given, then the CGI program runs as a pool user, detemined using lock files in the exec mapping directory
       chosen as build time of gsexec.	The pool user is chosen according to the client's full certificate X.509 DN  (ie  with	any  trailing  GSI
       proxy  name  components stripped off.) Subsequent requests by the same X.509 identity will be mapped to the same pool user. The CGI program
       must either be owned by root, the Apache user and group specified at gsexec  build-time	(normally  apache.apache)  or  by  the	pool  user
       selected.

DIRECTORY METHOD

       If  GridSiteExecMethod  directory  is given, then the CGI program runs as a pool user chosen according to the directory in which the CGI is
       located: all CGIs in that directory run as the same pool user. The CGI program must either be owned by root,  the  Apache  user	and  group
       specified at gsexec build-time (normally apache.apache) or by the pool user selected.

EXECMAPDIR

       The default exec mapping directory is /var/www/execmapdir and this is fixed when the gsexec executable is built. The exec mapping directory
       and all of its lock files must be owned and only writable by root. To initialise the lock files, create an empty lock file  for	each  pool
       user,  with the pool username as the filename (eg user0001, user0002, ...) As the pool users are leased to X.509 identities or directories,
       they will become hard linked to lock files with the URL-encoded X.509 DN or full directory path.

       You can recycle pool users by removing the corresponding URL-encoded hard link.	stat(1) and ls(1) with option -i can be used to print  the
       inodes of lock files to match up the hard links.

       However, you must ensure that all files and processes owned by the pool user are deleted before recycling!

OPTIONS

       -V     If  you are root, this option displays the compile options of gsexec.  For security reasons all configuration options are changeable
	      only at compile time.

MORE INFORMATION

       For further information about the concepts and the security model of the original Apache suexec please refer to the suexec documentation:

       http://httpd.apache.org/docs-2.0/suexec.html

       For examples using the gsexec extensions, please see the GridSite gsexec page:

       http://www.gridsite.org/wiki/Gsexec

AUTHORS

       Apache project, for original suexec

       Andrew McNab <Andrew.McNab@manchester.ac.uk> for gsexec modifications.

       gsexec is part of GridSite: http://www.gridsite.org/

SEE ALSO

       httpd(8), suexec(8), mod_gridsite(8)

gsexec								   October 2005 							 GSEXEC(8)
All times are GMT -4. The time now is 09:19 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy