Summary:Solaris 2.6 Group Write Permissions

From: Mark_Conroy@em.fcnbd.com
Date: Fri Sep 26 1997 - 08:24:26 CDT


     Thanks to all who responded. The couple of responses I received
     indicated that the directories should not be group writable, but the
     members of the group pose no real security threat.
     
     Another response was to point me to a script that will change the
     permissions of many files. This will be somthing worth looking into.
     
     Thanks again to:
     
     Michael Hill
     Casper Dik
     
     
     The following are their responses:
     
     
     
     There shouldn't be any problem doing so. But only the root, bin, sys,
     and adm accounts are in the group sys by default; the first should be
     tightly controlled, obviously, and the latter three shouldn't ever be
     logged into anyway. So unless you're handing out membership in group
     sys, it's not likely to be much of a security breach to have these
     group-writable. Having /dev/*mem and /dev/*dsk/c?t* (i.e. memory and
     the disk devices) readable by group sys is much more likely to be a
     problem if there were users in that group.
     
     --
     --Michael
     
     
     
     
     There's no reason for them to be group writable.
     
     
     Sun really ought to fix the permissions of those files; but it's been
     an uphill battle from within.
     
     There's some software I wrote to do thsi automatically:
     
     ftp.wins.uva.nl:/pub/solaris/auto-install/*
     
     
     the tar.gz file contains a script and a program that fixes ownership
     and permissions to mroe sane values.
     
     It creates an undo file so you can undo it if it breaks anything. By
     using my program, patches can still be applied.
     
     Casper



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:04 CDT