Home arrow Security arrow Page 4 - Unix Host Security: Hacks 1-10

Scan For World- and Group-Writable Directories Hack #3 - Security

Security isn't a noun, it's a verb; not a product, but a process. Today, learn the hacks involved in reducing the risks involved in offering services on a Unix-based system. This the first part of chapter one in Network Security Hacks, by Andrew Lockhart (ISBN 0-596-00643-8, O'Reilly & Associates, 2004).

  1. Unix Host Security: Hacks 1-10
  2. Secure Mount Points Hack #1
  3. Scan for SUID and SGID Programs Hack #2
  4. Scan For World- and Group-Writable Directories Hack #3
  5. Create Flexible Permissions Hierarchies w/ith POSIX ACLs Hack #4
  6. Protect Your Logs from Tampering Hack #5
  7. Delegate Administrative Roles Hack #6
  8. Automate Cryptographic Signature Verification Hack #7
  9. Check for Listening Services Hack #8
  10. Prevent Services from Binding to an Interface Hack #9
  11. Restrict Services with Sandboxed Environments Hack #10
By: O'Reilly Media
Rating: starstarstarstarstar / 37
May 04, 2004

print this article



Quickly scan for directories with loose permissions.

World- and group-writable directories present a problem: if the users of a system have not set their umask properly, they will inadvertently create insecure files, completely unaware of the implications. With this in mind, it seems it would be good to scan for directories with loose permissions. Much like “Scan for SUID and SGID Programs” [Hack #2], this can be accomplished by running the find command:

# find / -type d \( -perm -g+w -o -perm -o+w \) -exec ls -lad {} \;

Any directories that are listed in the output should have the sticky bit set, which is denoted by a t in the directory’s permission bits. A world-writable directory with the sticky bit set ensures that even though anyone may create files in the directory, they may not delete or modify another user’s files. If you see a directory in the output that does not contain a sticky bit, consider whether it really needs to be world-writable or whether the use of groups or ACLs [Hack #4] will work better for your situation. If you really do need the directory to be world-writable, set the sticky bit on it using chmod +t.

To get a list of the directories that don’t have their sticky bit set, run this:

# find / -type d \( -perm -g+w -o -perm -o+w \) \
-not -perm -a+t -exec ls -lad {} \;

If you’re using a system that creates a unique group for each user (e.g., you create a user andrew, which in turn creates a group andrew as the primary group), you may want to modify the commands to not scan for group-writable directories. (Otherwise, you will get a lot of output that really isn’t pertinent.) To do this, run the command without the -perm -g+w portion.

Buy the book!If you've enjoyed what you've seen here, or to get more information, click on the "Buy the book!" graphic. Pick up a copy today!

Visit the O'Reilly Network http://www.oreillynet.com for more online content.

>>> More Security Articles          >>> More By O'Reilly Media

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: