|
|
Sponsored Content
Operating Systems
Solaris
Unix file, folder permissions, security auditing tools.
Post 302500726 by bartus11 on Tuesday 1st of March 2011 11:15:05 AM
03-01-2011
|
|
7 More Discussions You Might Find Interesting
1. Cybersecurity
I am starting an audit of unix security within our company and am looking for any information that may assist me with this. I am looking for any tips or pointers that I should be aware of when looking at unix. I am very new to unix so any help will do. Maybe there is someone out the that has had... (3 Replies)
Discussion started by: GW01
3 Replies
2. UNIX for Advanced & Expert Users
Hello,
What does the following mean in terms of file permissions.
-rw-rwSrw- 1 owner group 999 May 25 2004 file_name
What does the "S" stand for.
Thanks in advance for your input. :) (3 Replies)
Discussion started by: jerardfjay
3 Replies
3. Windows & DOS: Issues & Discussions
I work for a big company and all the people within my unit share a common drive to save documents to. I am listed in the group(AMS group) that has access rights to folders within this drive. but i'm trying to restrict access to a confidential folder so that only I can access it.
when I set the... (0 Replies)
Discussion started by: shed
0 Replies
4. Cybersecurity
Hello,
If you are interested in security, check out this new directory of unix and linux related software tools.
Security - Links
If you have any of your favorite tools, feel free to add them to the directory. (0 Replies)
Discussion started by: Neo
0 Replies
5. Shell Programming and Scripting
I want to change one of my Dir permissions to drwx--S--- Can you tell me which number i have to use.
Thanks in Advance (4 Replies)
Discussion started by: veeru
4 Replies
6. Tips and Tutorials
Introduction
I have seen some misinformation regarding Unix file permissions. I will try to set the record straight. Take a look at this example of some output from ls:
$ ls -ld /usr/bin /usr/bin/cat
drwxrwxr-x 3 root bin 8704 Sep 23 2004 /usr/bin
-r-xr-xr-x 1 bin bin ... (6 Replies)
Discussion started by: Perderabo
6 Replies
7. Ubuntu
Hi Team,
I want to set permissions to one folder in such a way that the user can write files or create folder inside that but should not able to delete it.
Basically reason behind this is i am using Pidgin Messenger. There is a directory of logs in which, when user chat its store his logs.... (2 Replies)
Discussion started by: paragnehete
2 Replies
LEARN ABOUT SUNOS
cklist.med
asetmasters(4) File Formats asetmasters(4) NAME
asetmasters, tune.low, tune.med, tune.high, uid_aliases, cklist.low, cklist.med, cklist.high - ASET master files SYNOPSIS
/usr/aset/masters/tune.low /usr/aset/masters/tune.med /usr/aset/masters/tune.high /usr/aset/masters/uid_aliases /usr/aset/masters/cklist.low /usr/aset/masters/cklist.med /usr/aset/masters/cklist.high DESCRIPTION
The /usr/aset/masters directory contains several files used by the Automated Security Enhancement Tool (ASET). /usr/aset is the default operating directory for ASET. An alternative working directory can be specified by the administrators through the aset -d command or the ASETDIR environment variable. See aset(1M). These files are provided by default to meet the need of most environments. The administrators, however, can edit these files to meet their specific needs. The format and usage of these files are described below. All the master files allow comments and blank lines to improve readability. Comment lines must start with a leading "#" character. tune.low These files are used by the tune task (see aset(1M)) to restrict the permission settings for system objects. Each file is tune.med used by ASET at the security level indicated by the suffix. Each entry in the files is of the form: tune.high pathname mode owner group type where pathname is the full pathname mode is the permission setting owner is the owner of the object group is the group of the object type is the type of the object It can be symlink for a symbolic link, directory for a directory, or file for everything else. Regular shell wildcard ("*", "?", ...) characters can be used in the pathname for multiple references. See sh(1). The mode is a five-digit number that represents the permission setting. Note that this setting represents a least restrictive value. If the current setting is already more restrictive than the specified value, ASET does not loosen the permission settings. For example, if mode is 00777, the permission will not be changed, since it is always less restrictive than the current setting. Names must be used for owner and group instead of numeric ID's. ? can be used as a "don't care" character in place of owner, group, and type to prevent ASET from changing the existing values of these parameters. uid_alias This file allows user ID's to be shared by multiple user accounts. Normally, ASET discourages such sharing for accountabil- ity reason and reports user ID's that are shared. The administrators can, however, define permissible sharing by adding entries to the file. Each entry is of the form: uid=alias1=alias2=alias3= ... where uid is the shared user id alias? is the user accounts sharing the user ID For example, if sync and daemon share the user ID 1, the corresponding entry is: 1=sync=daemon cklist.low These files are used by the cklist task (see aset(1M)), and are created the first time the task is run at the low, medium, cklist.med and high levels. When the cklist task is run, it compares the specified directory's contents with the appropriate cklist.high cklist.level file and reports any discrepancies. EXAMPLES
Example 1: Examples of Valid Entries for the tune.low, tune.med, and tune.high Files The following is an example of valid entries for the tune.low, tune.med, and tune.high files: /bin 00777 root staffsymlink /etc 02755 root staffdirectory /dev/sd* 00640 rootoperatorfile SEE ALSO
aset(1M), asetenv(4) ASET Administrator Manual SunOS 5.10 13 Sep 1991 asetmasters(4)