Everyone,
I just noticed that the permissions on /usr/sbin/wall are set to:
# ls -lad /usr/sbin/wall
-rwxr-s--x 1 bin terminal 24576 Dec 29 1997 /usr/sbin/wall
This is on a variety of 4.0A to 4.0D machines....
It doesn't seem right that as a default, the wall command can be used by
any user at all? Should we lock this down in any way? Does anyone else
change the permissions on either this command or the above /usr/sbin
directory to tighten up security a little?
It's not just the wall command, it's the entire /usr/sbin directory that is
set to this:
# ls -lad /usr /usr/sbin /usr/sbin/wall
drwxr-xr-x 35 root system 8192 Sep 3 14:38 /usr
drwxr-xr-x 3 root system 16384 Aug 26 15:38 /usr/sbin
/usr/sbin seems to be wide open... Most of the files in there a regular
user can't run even thought the bits are set for world to run. But when you
run edquota for example it will tell you to that the permission is denied:
# /usr/sbin/edquota thomask
edquota: permission denied
But things like lpc restart are possible from a non-privaleged user... That
means that someone can restart all the queues on the unix machine... they
can disable or stop the queue - but they most certainly can restart a
queue. There must be other things in there a general user can run too....
So the questions really is why are the permissions on /usr/sbin so wide
open? And what are people doing to close it down?
Karen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karen Thomas
Assistant Director Information Systems
Connecticut State University System Office
Phone: (860) 493-0118
Fax: (860) 493-0026
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received on Mon Sep 21 1998 - 17:59:14 NZST