first thank you to everyone who replied.
pirie_at_u.washington.edu, dallaire_at_total.net, del_at_intranet.com,
sheehan_at_scripps.edu, lucio_at_ifctr,mi.cnr.it, coxa_at_eris.private.cableol.net,
arne_at_steinkamm.com, jason_at_dstc.edu.au, stevev_at_hexadecimal.uoregon.edu
my original post was...
|
|the /tmp directory defaults with the save text permission; or the
|sticky bit set. according to the du man pages...
|
| If a directory has this bit set, then deletion in it is restricted.
| An entry in a sticky directory can only be removed or renamed by a
| user if the user has write permission for the directory and the
| user is the owner of the file, the owner of the directory, or
| the superuser.
|
|is there any reason why I can not remove this permission from the
|directory? it is causing problems with some of our users.
everyone that replied said that yes you can remove the sticky bit
from /tmp but look out for the following issues.
1) users can delete files that do not belong to them;
causing other applications to crash, lose data, &c.
2) Willie Hacker can create and modify a file owned
by root. this file could possibly substitute nifty
shell commands that grant root access; or other fun
stuff like that.
all the responses seemed to suggest it would be better to correct the
software that is generating the files in /tmp than end up getting
tripped over later.
after consulting with the software provider on this issue, a company rep.
stated that this security hole was not an issue at other sites and changing
the software would require a rewrite of the "core code". the other
sites; aix shops, turn the sticky bit off.
thank you for your time.
+--------------------------+------------------------------------------------+
|H. Blakely Williford | Men never do evil so completely and cheerfully |
|Systems Administrator | as when they do it from religious conviction. |
|The Fuller Brush Company | - Pascal |
+--------------------------+------------------------------------------------+
Received on Wed Nov 06 1996 - 20:57:20 NZDT
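
The check the replies above imply, as an added example that is not part of the original post: a shell audit that lists world-writable directories with no sticky bit, which is the state /tmp is in once the bit is removed. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit for world-writable
# directories that lack the sticky bit, i.e. where any user can delete or
# rename files that belong to someone else.

# List world-writable directories under "$1" with no sticky bit (mode 1000).
# -xdev keeps the scan on a single filesystem.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Exit status 0 if directory "$1" itself is acceptable: either not
# world-writable, or world-writable with the sticky bit set.
# Status 1 if it is world-writable without the bit, 2 if not a directory.
shared_dir_ok() {
    [ -d "$1" ] || return 2
    [ -z "$(find "$1" -prune -perm -0002 ! -perm -1000 -print 2>/dev/null)" ]
}

# Constructed demo tree: one /tmp-style directory (1777), one with the
# sticky bit removed (0777) and one ordinary directory (0755).
# Prints the audit findings relative to the demo root.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/sticky" "$root/unsticky" "$root/private"
    chmod 1777 "$root/sticky"
    chmod 0777 "$root/unsticky"
    chmod 0755 "$root/private"
    find_unsticky_dirs "$root" | sed "s|^$root/||"
    rm -rf "$root"
}

# Usage: sh audit.sh /tmp /var/tmp   (the paths are the caller's choice)
for d in "$@"; do
    find_unsticky_dirs "$d"
done
```

A directory reported by the audit is put back into the restricted-deletion state with chmod +t on that directory.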