Hi Joe, On Wed, Aug 8, 2012 at 7:08 PM, wrote: > > Question about rwxrwxrwx files and/or dirs > > Lisa's reply to Keith prompted me to wonder if I perhaps had any rwxrwxrwx > files or drwxrwxrwx directories on my system that might be a security > risk. So, while I don't know how to search the entire hard disk for such > files, I used variants of the following syntax to search for some. > > $ ls -ltr */* | fgrep rwxrwxrwx > srwxrwxrwx 1 joe joe 0 Aug 7 11:35 mysql.socket= > > Another similar found this: > srwxrwxrwx 1 joe joe 0 Aug 7 11:35 tmp/akonadi-joe.nMNQOV/mysql.socket= > > Another similar found this: /home/joe/mydata/graphics/psp > drwxrwxrwx 3 joe 4096 Dec 12 2003 Freebies > > Another similar found a whole lot of: lrwxrwxrwx > > Do any of these suggest a security risk? > Is there a better way to search more comprehensively for others? > What, if anything, could I or should I do to eliminate a risk? > > If these are actually serving content to the world and you have a ftp php application like wordpress does (and Apache does) served from DocumentRoot (or with symlinks outside DocumentRoot and FollowSymlinks allowed, you could have a security issue. If you don't have any website on that server and are not allowing user shell or xterm accounts, you are probably fine. -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** Safeway.com Automation Engineer