Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Removing setuid option for security.
Top Forums UNIX for Dummies Questions & Answers Removing setuid option for security. Post 302474612 by methyl on Wednesday 24th of November 2010 07:31:11 PM
Old 11-24-2010
Broadly I agree with frank_rizzo but you have yet again failed to state the Operating System or the intended purpose of the computer which you are "hardening".

If this server hosts say 10,000 user accounts you may find that hardening the permissions on the "passwd" command will keep you fully occupied with call tickets.

Your reference document is clearly for hardening the security of a RHEL database server in a student environment where hacking is a real danger.

General advice:
Do not change the SUID or SGID permissions on system commands.
However there is sometimes good reason to remove "other" execute permissions on certain commands because Linux "out of the box" will allow users to do things which are undesirable. Top of the list would be "mount". This assumes that you have allowed Shell access at all.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

setuid

I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script. The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable. The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies

2. UNIX for Dummies Questions & Answers

help removing dashes from social security number

I have a file containing social security numbers with the format ###-##-####. I need to read each record in this file, reformat the SSN to the format #########, and write the record with the reformatted SSN to a new file. I am a UNIX newbie. I think I need to use either the sed or awk commands, but... (2 Replies)
Discussion started by: Marcia P
2 Replies

3. UNIX for Dummies Questions & Answers

setuid

could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies

4. UNIX for Dummies Questions & Answers

No Password - - Setuid Only Option in Solaris 10

In Solaris 9, when I built users, there was an option for No Password -- Setuid Only. Now that I'm using Solaris 10, I no longer can find that option. Is there an equivalent option of No Password --Setuid Only in Solaris 10? Thanks, LeonD (1 Reply)
Discussion started by: leond
1 Replies

5. Shell Programming and Scripting

option followed by : taking next option if argument missing with getopts

Hi all, I am parsing command line options using getopts. The problem is that mandatory argument options following ":" is taking next option as argument if it is not followed by any argument. Below is the script: while getopts :hd:t:s:l:p:f: opt do case "$opt" in -h|-\?)... (2 Replies)
Discussion started by: gurukottur
2 Replies

6. Solaris

Removing ro option from zones

Hey all, I need to remove the ro option from an fs on a zone. Does anyone know how to do this without removing the fs and recreating it? fs: dir: /home/em23/prod special: /export/zones/em23/root/ftp/prod raw not specified type: lofs options: (1 Reply)
Discussion started by: em23
1 Replies

7. Solaris

setuid and guid

Hi All, Can someone give me some info about setuid or guid topic? Also about sticky bit. Thanks in advance, itik (9 Replies)
Discussion started by: itik
9 Replies

8. Shell Programming and Scripting

recently introduced to the newer option for find...does an older option exist?

To find all the files in your home directory that have been edited in some way since the last tar file, use this command: find . -newer backup.tar.gz Is anyone familiar with an older solution? looking to identify files older then 15mins across several directories. thanks, manny (2 Replies)
Discussion started by: mr_manny
2 Replies

9. Solaris

Need help with setuid.

Hi Gurus, I need your suggestions,to implement setuid. Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies

10. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

LEARN ABOUT NETBSD

intro

INTRO(7)					       BSD Miscellaneous Information Manual						  INTRO(7)

NAME

     intro -- miscellaneous information pages

DESCRIPTION

     This section contains miscellaneous documentation, including:

	   ascii(7)	    map of ASCII character set

	   c(7) 	    the C programming language

	   environ(7)	    user environment

	   glob(7)	    shell-style pattern matching

	   hier(7)	    file system hierarchy in NetBSD

	   hostname(7)	    host name resolution description

	   mailaddr(7)	    mail addressing description

	   mdoc(7)	    macros for typesetting -mdoc style manual pages

	   mdoc.samples(7)  tutorial for writing BSD manuals with -mdoc

	   module(7)	    kernel modules

	   nls(7)	    overview of national language support

	   operator(7)	    C operator precedence and order of evaluation

	   orders(7)	    orders of magnitude

	   pkgsrc(7)	    the NetBSD packages collection

	   release(7)	    layout of NetBSD releases and snapshots

	   script(7)	    how interpreter scripts are executed

	   security(7)	    security features available in NetBSD

	   setuid(7)	    checklist for security and setuid programs

	   signal(7)	    available signals under NetBSD

	   sticky(7)	    sticky bit (S_ISVTX) handling

	   symlink(7)	    symbolic link handling

	   sysctl(7)	    system information variables in NetBSD

	   tests(7)	    NetBSD test suite

HISTORY

     The intro(7) manual page appeared in 4.2BSD.

BSD
								  March 18, 2011							       BSD
All times are GMT -4. The time now is 06:41 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy