
	Home > Security Tips > Tech Tips > Part 10: Set file permissions

Security Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

TECH TIPS

Part 10: Set file permissions

Gary Smith
10.28.2002
Rating: --- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

Set File Permissions
Limit non-root Access to System Files and Directories
Make the following changes from the command line:

chown root /etc/mail/aliases

chmod 644 /etc/mail/aliases
chmod 444 /etc/default/login
chmod 750 /etc/security

chmod 000 /usr/bin/at
chmod 500 /usr/bin/rdist
chmod 400 /usr/sbin/snoop
chmod 400 /usr/sbin/sync
chmod 400 /usr/bin/uudecode
chmod 400 /usr/bin/uuencode

chmod u-s /usr/lib/fs/ufs/ufsdump
chmod u-s /usr/lib/fs/ufs/ufsrestore

Remove SetGID Permissions From System Files
Make the following manual changes.
chmod g-s /usr/bin/mail
chmod g-s /usr/bin/mailx
chmod g-s /usr/bin/write
chmod g-s /usr/bin/netstat
chmod g-s /usr/bin/nfsstat
chmod g-s /usr/bin/ipcs

chmod g-s /usr/sbin/arp
chmod g-s /usr/sbin/dmesg
chmod g-s /usr/sbin/prtconf
chmod g-s /usr/sbin/swap
chmod g-s /usr/sbin/sysdef
chmod g-s /usr/sbin/wall

chmod g-s /usr/lib/fs/ufs/ufsdump
chmod g-s /usr/lib/fs/ufs/ufsrestore

Prohibit the Execution of SetUID Programs
To prevent execution of setuid programs, use the nosuid option in /etc/vfstab.

The /usr file system contains some setuid executables essential to system operation. It is recommended it be mounted read-only instead of using the nosuid option.

/proc - /proc proc - no -
fd - /dev/fd fd - no -
swap - /tmp tmpfs - yes -
/dev/dsk/c0t3d0s1 - - swap - no -
/dev/dsk/c0t3d0s0 /dev/rdsk/c0t3d0s0 / ufs 1 no remount,nosuid
/dev/dsk/c0t3d0s4 /dev/rdsk/c0t3d0s4 /usr ufs 1 no ro
/dev/dsk/c0t3d0s5 /dev/rdsk/c0t3d0s5 /var ufs 1 no nosuid

Click here for the rest of this 12-part tip.

Rate this Tip

To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.

BROWSE BY TAG
Tech Tips, VIEW ALL TAGS

Digg This! StumbleUpon Del.icio.us

RELATED CONTENT

Tech Tips

Video: The foundation of an email security strategy

The 5 A's of functional SAN security

Effective storage security policies

Smart options for safeguarding stored data

Outfox SOX: How to make regulations work for you

Roberta Bragg's 10 Windows hardening tips in 10 minutes

Using free network intrusion detection and prevention tools to stop hacks

Hacker techniques and exploits: Prevent system fingerprinting, probing

How to stop hacker theft: Employee awareness, risk assessment policies

Information Security Decisions Fall 2004: Speaker presentations

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Research Solutions for Network Security, Access Control and Security Threats

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy