Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: secure file permissions!
Operating Systems Linux Red Hat secure file permissions! Post 302484287 by Corona688 on Thursday 30th of December 2010 11:54:25 AM
Old 12-30-2010
Quote:
Originally Posted by shreeda
Thanks a lot for the reply. But I have similar permissions on hardened solaris systems!!
Linux is not Solaris.
Quote:
That's why I was thinking about such a change. Just curious, are these changes on the weaker side because of the group? Or is there anything else?
You're messing with the files that allow you to log into the system! One mistake and you lock yourself out so hard you need a recovery cd to fix it. Even what you get on this 'hardened' Solaris system may not be what you get on other Solaris systems. blindly copying it may lead to disaster. It might be in your interest to find out what these permissions actually mean, what they actually do, and why Solaris actually has them before duplicating them. It'd also be good to find out all the changes made for hardening that system, not just the ones you happened to notice, because they may not work right unless you make all of them.

Furthermore: Linux is not Solaris. You must also check if they're meaningful outside Solaris.

The 'sys' group for instance: What does it do? Who's in it? What permissions is 'sys' membership supposed to grant, what utilities respect it, etc, etc. It's not used at all on my Linux system, blindly changing the permissions would just evict everyone and everything in the root group from rightful access.

Also: changing 644 to 444 on /etc/passwd, or 000 to 600 for /etc/shadow. These are useless. Root can write to any file, even ones set 000.

And you don't want to mess with the password and shadow files. At all. Ever. They weren't "soft" and never needed "hardening". They may require certain file permissions, programs using them may refuse to operate if they don't!

When in doubt, don't. These files weren't "soft" in the first place. Any actual security problems will lie in more subtle things.
 

9 More Discussions You Might Find Interesting

1. Solaris

Secure FTP Problem using Sun SSH on Client system F-Secure on Server system

I am using shell script to do secure ftp. I have done key file setup to do password less authentication. Following are the FTP Details: FTP Client has Sun SSH. FTP Server has F-Secure. I am using SCP Command to do secure copy files. When I am doing this, I am getting the foll error scp:... (2 Replies)
Discussion started by: ftpguy
2 Replies

2. Cybersecurity

Secure File Transfer for Mainframe systems

Hi guys, I would like to transfer files from UNIX machine to Mainframe system (using UNIX machine as client). The transfer process needs to be secure (i.e. data sent thro network should be encrypted using 128-bit encryption algorithm). I came to know that SFTP server is not available for Mainframe... (3 Replies)
Discussion started by: sydneymoon
3 Replies

3. Shell Programming and Scripting

Question about secure file transfer

Hi all, I am running a large scale business and some time I have to transfer large and very important data files to my business partner. I fear about my data because there are many of my business competitors who will definitely try to steal my important data. So there is huge amount of risk... (0 Replies)
Discussion started by: camden
0 Replies

4. Shell Programming and Scripting

Secure File Transfer Protocol

Hi, Is there any protocol other than SFTP to transfer the file using secured connection SSH. ? Regards, Arthik (2 Replies)
Discussion started by: arthikbabu
2 Replies

5. HP-UX

To give the "unzip" permissions & "create" file permissions

Hi, I am a Unix Admin. I have to give the permissions to a user for creating new file in a directory in HP-Ux 11.11 system since he cannot able to create a new file in the directory. Thanks in advance. Mike (3 Replies)
Discussion started by: Mike1234
3 Replies

6. Solaris

No such file in secure directories ?

Dear All, I have a problem with starting process of crystal report by running script(ccm.sh, bobjerestart.sh). I found these error ld.so.1: nohup: warning: libhoard.so.1: open failed: No such file in secure directories ld.so.1: sh: warning: libhoard.so.1: open failed: No such... (0 Replies)
Discussion started by: unitipon
0 Replies

7. UNIX for Advanced & Expert Users

Secure FTP corrupts file

Sun Microsystems Inc. SunOS 5.9 I am hoping someone has come across this before. I have a script that transfers several gz files via Secure FTP across to an SFTP server on an NT machine. The transfers show as successful: pack12_200812160337.tar.gz | 768kB | 768kB/s | ETA: 00:00:01 | 37%... (5 Replies)
Discussion started by: ronnie_uk
5 Replies

8. Shell Programming and Scripting

ksh; Change file permissions, update file, change permissions back?

Hi, I am creating a ksh script to search for a string of text inside files within a directory tree. Some of these file are going to be read/execute only. I know to use chmod to change the permissions of the file, but I want to preserve the original permissions after writing to the file. How can I... (3 Replies)
Discussion started by: right_coaster
3 Replies

9. UNIX for Dummies Questions & Answers

Copying a file from secure host to desktop

I have extremely limited programming experience so please go slowly! I am remotely logged in to a secure network cluster via my username at my school through terminal. I'm trying to download a file from my account on the cluster to my desktop on a guest account on my mac. I tried doing this:... (1 Reply)
Discussion started by: smashingdols
1 Replies

LEARN ABOUT NETBSD

dh_fixperms

DH_FIXPERMS(1)                                                       Debhelper                                                      DH_FIXPERMS(1)

NAME

       dh_fixperms - fix permissions of files in package build directories

SYNOPSIS

       dh_fixperms [debhelperoptions] [-Xitem]

DESCRIPTION

       dh_fixperms is a debhelper program that is responsible for setting the permissions of files and directories in package build directories to
       a sane state -- a state that complies with Debian policy.

       dh_fixperms makes all files in usr/share/doc in the package build directory (excluding files in the examples/ directory) be mode 644. It
       also changes the permissions of all man pages to mode 644. It removes group and other write permission from all files. It removes execute
       permissions from any libraries, headers, Perl modules, or desktop files that have it set. It makes all files in the standard bin and sbin
       directories, usr/games/ and etc/init.d executable (since v4). Finally, it removes the setuid and setgid bits from all files in the package.

       When the Rules-Requires-Root field has the (effective) value of binary-targets, dh_fixperms will also reset the ownership of all paths to
       "root:root".

OPTIONS

       -Xitem, --exclude item
           Exclude files that contain item anywhere in their filename from having their permissions changed. You may use this option multiple
           times to build up a list of things to exclude.

SEE ALSO

       debhelper(7)

       This program is a part of debhelper.

AUTHOR

       Joey Hess <joeyh@debian.org>

11.1.6ubuntu2                                                       2018-05-10                                                      DH_FIXPERMS(1)
All times are GMT -4. The time now is 10:56 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy