Need to remove Group write permission
Post 302465316 by pinga123 on Friday 22nd of October 2010 05:44:04 AM

How would I write a command that can find all the objects under the etc directory that have group write permission enabled and have not been accessed in the last X days?

This is what I got from an internet source, but I'm not able to modify it according to my distribution.



find /etc -perm -0070 -a -mtime +X ! -type l ?print

Here is the exact statement from the link I'm referring to.
Quote:
# 2.6 Group Write Permissions

By default many of the files and directories in the LINUX Operating System come with the group-write permission bit enabled allowing the group members to write to the object yet this functionality is rarely required. The group write bit should be removed from all operating system files or directories that do not explicitly require it to be enabled.

# Risks: Unintentional or Malicious alteration of critical OS files may leave the system vulnerable to exploitation impacting data confidentiality, integrity or availability.

# Compliance:

+ ISO 17799 Policy: 9.6.1
+ DISA STIG Section: 3.5

# Requirements:

A search of an atypical LINUX box using the find command can identify all files with world write permissions where the atime or mtime have not been updated since the operating system was installed. These files can have their group write permissions safely removed.

For example the following command can find all the objects under the root directory that have group write permission enabled and have not been accessed in the last X days:

find /etc -perm -0070 -a -mtime +X ! -type l ?print

Assuming X is the number of days since the OS was installed then the objects this command identifies can safely have the group write bit disabled.

Note the " ! -type l " is needed to eliminate symlinks, since they always have perms 777; this will eliminate false positives.
I'm getting the following error.

Quote:
# find /etc -perm -0070 -a -mtime 4 ! -type l ?print
find: paths must precede expression
Usage: find [-H] [-L] [-P] [path...] [expression]


---------- Post updated at 04:44 AM ---------- Previous update was at 04:40 AM ----------




I am able to get output if I remove ! -type.

Can anyone please help me find out what ! -type does?
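
An added example, not part of the original post or the quoted guide: a POSIX shell version of the audit the guide describes, followed by the chmod step. It assumes the `?print` in the quoted command is a mangled `-print`, tests only the group-write bit (`-perm -0020`, where `-0070` requires group read, write and execute together), and runs against a constructed sample tree; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names and the sample tree are constructed for illustration.

# list_group_writable DIR DAYS
# Print non-symlink objects under DIR whose group-write bit is set and whose
# modification time is more than DAYS days old.
list_group_writable() {
    # ! -type l   : skip symlinks; their own mode is reported as 777
    # -perm -0020 : group-write bit set, all other bits ignored
    #               (-perm -0070 needs group read, write AND execute)
    # -mtime +N   : age in whole days is greater than N (-atime tests access)
    find "$1" ! -type l -perm -0020 -mtime +"$2" -print
}

# strip_group_write DIR DAYS
# Clear the group-write bit on exactly the objects listed above.
strip_group_write() {
    find "$1" ! -type l -perm -0020 -mtime +"$2" -exec chmod g-w {} +
}

# make_sample_tree
# Build a constructed test tree in a temp dir and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/old_gw.conf";    chmod 664 "$d/old_gw.conf"
    : > "$d/old_plain.conf"; chmod 644 "$d/old_plain.conf"
    : > "$d/new_gw.conf";    chmod 664 "$d/new_gw.conf"
    ln -s old_gw.conf "$d/old_link"
    # Backdate everything except new_gw.conf to 1 Jan 2010.
    touch -t 201001010000 "$d/old_gw.conf" "$d/old_plain.conf"
    touch -h -t 201001010000 "$d/old_link" 2>/dev/null || true
    printf '%s\n' "$d"
}
```

Run `list_group_writable /etc X` and review the output before calling `strip_group_write` with the same arguments.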
 

CHMOD(1)                    General Commands Manual                    CHMOD(1)

NAME
       chmod - change mode

SYNOPSIS
       chmod [ -Rf ] mode file ...

DESCRIPTION
       The mode of each named file is changed according to mode, which may be
       absolute or symbolic. An absolute mode is an octal number constructed
       from the OR of the following modes:

       4000    set user ID on execution
       2000    set group ID on execution
       1000    sticky bit, see chmod(2)
       0400    read by owner
       0200    write by owner
       0100    execute (search in directory) by owner
       0070    read, write, execute (search) by group
       0007    read, write, execute (search) by others

       A symbolic mode has the form:

              [who] op permission [op permission] ...

       The who part is a combination of the letters u (for user's
       permissions), g (group) and o (other). The letter a stands for all, or
       ugo. If who is omitted, the default is a but the setting of the file
       creation mask (see umask(2)) is taken into account.

       Op can be + to add permission to the file's mode, - to take away
       permission and = to assign permission absolutely (all other bits will
       be reset).

       Permission is any combination of the letters r (read), w (write), x
       (execute), X (set execute only if file is a directory or some other
       execute bit is set), s (set owner or group id) and t (save text -
       sticky). Letters u, g, or o indicate that permission is to be taken
       from the current mode. Omitting permission is only useful with = to
       take away all permissions.

       When the -R option is given, chmod recursively descends its directory
       arguments setting the mode for each file as described above. When
       symbolic links are encountered, their mode is not changed and they are
       not traversed.

       If the -f option is given, chmod will not complain if it fails to
       change the mode on a file.

EXAMPLES
       The first example denies write permission to others, the second makes
       a file executable by all if it is executable by anyone:

              chmod o-w file
              chmod +X file

       Multiple symbolic modes separated by commas may be given. Operations
       are performed in the order specified. The letter s is only useful with
       u or g.

       Only the owner of a file (or the super-user) may change its mode.

SEE ALSO
       ls(1), chmod(2), stat(2), umask(2), chown(8)

7th Edition                       May 22, 1986                        CHMOD(1)