Scan For World- and Group-Writable Directories
Quickly scan for directories with loose permissions.
World- and group-writable directories present a problem: if the users of a system have not set their umask properly, they will inadvertently create insecure files, completely unaware of the implications. With this in mind, it seems it would be good to scan for directories with loose permissions. Much like [Hack #2], this can be accomplished by running the find command:
# find / -type d \( -perm -g+w -o -perm -o+w \) -exec ls -lad {} \;

Any directories that are listed in the output should have the sticky bit set, which is denoted by a t in the directory's permission bits. A world-writable directory with the sticky bit set ensures that even though anyone may create files in the directory, they may not delete or modify another user's files. If you see a directory in the output that does not contain a sticky bit, consider whether it really needs to be world-writable or whether the use of groups or ACLs [Hack #4] will work better for your situation. If you really do need the directory to be world-writable, set the sticky bit on it using chmod +t.
To get a list of the directories that don’t have their sticky bit set, run this:
# find / -type d \( -perm -g+w -o -perm -o+w \) -not -perm -a+t -exec ls -lad {} \;
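To check that the scan and the chmod +t remediation behave as described, here is an added example (not from the book) that builds a small directory tree with constructed permission modes and runs the same find logic against it. The function names build_fixture, scan_loose_dirs and fix_loose_dirs are assumed, and the sticky bit is matched with the octal form -perm -1000, which every find implementation accepts.

```shell
#!/bin/sh
# Added example: exercise the scan on a constructed tree instead of /.
# build_fixture, scan_loose_dirs and fix_loose_dirs are assumed names.

# Create four directories with constructed modes; print the root path.
# chmod is applied explicitly so the caller's umask cannot alter the modes.
build_fixture() {
    fx_root=$(mktemp -d)          # mktemp gives 0700, so the root itself is never flagged
    mkdir "$fx_root/world_nosticky" "$fx_root/world_sticky" \
          "$fx_root/group_nosticky" "$fx_root/private"
    chmod 0777 "$fx_root/world_nosticky"   # o+w, no sticky bit: should be flagged
    chmod 1777 "$fx_root/world_sticky"     # o+w with sticky bit: acceptable
    chmod 0775 "$fx_root/group_nosticky"   # g+w, no sticky bit: should be flagged
    chmod 0755 "$fx_root/private"          # owner-writable only: acceptable
    printf '%s\n' "$fx_root"
}

# Print each directory under $1 that is group- or world-writable and lacks
# the sticky bit (the book's second find). Output is relative to $1 and
# sorted so it is stable.
scan_loose_dirs() {
    scan_root=$1
    find "$scan_root" -type d \( -perm -g+w -o -perm -o+w \) -not -perm -1000 \
        | sed "s|^$scan_root/||" | sort
}

# Apply the book's remediation, chmod +t, to every flagged directory under $1.
fix_loose_dirs() {
    find "$1" -type d \( -perm -g+w -o -perm -o+w \) -not -perm -1000 \
        -exec chmod +t {} \;
}

# Demo run on the constructed tree.
demo_root=$(build_fixture)
echo "flagged before fix:"; scan_loose_dirs "$demo_root"
fix_loose_dirs "$demo_root"
echo "flagged after fix:";  scan_loose_dirs "$demo_root"
rm -rf "$demo_root"
```

Whether a flagged directory should receive the sticky bit or be narrowed to a group is still the judgement call the text describes; the script only makes the before/after state visible.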
If you're using a system that creates a unique group for each user (e.g., you create a user andrew, which in turn creates a group andrew as the primary group), you may want to ...