Hi Joe,<br><br><div class="gmail_quote">On Wed, Aug 8, 2012 at 7:08 PM,  <span dir="ltr">&lt;<a href="mailto:joe@actionline.com" target="_blank">joe@actionline.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Question about rwxrwxrwx files and/or dirs<br>
<br>
Lisa&#39;s reply to Keith prompted me to wonder if I perhaps had any rwxrwxrwx<br>
files or drwxrwxrwx directories on my system that might be a security<br>
risk. So, while I don&#39;t know how to search the entire hard disk for such<br>
files, I used variants of the following syntax to search for some.<br>
<br>
$ ls -ltr */* | fgrep rwxrwxrwx<br>
srwxrwxrwx 1 joe joe 0 Aug  7 11:35 mysql.socket=<br>
<br>
Another similar found this:<br>
srwxrwxrwx  1 joe joe 0 Aug  7 11:35 tmp/akonadi-joe.nMNQOV/mysql.socket=<br>
<br>
Another similar found this: /home/joe/mydata/graphics/psp<br>
drwxrwxrwx 3 joe    4096 Dec 12  2003 Freebies<br>
<br>
Another similar found a whole lot of: lrwxrwxrwx<br>
<br>
Do any of these suggest a security risk?<br>
Is there a better way to search more comprehensively for others?<br>
What, if anything, could I or should I do to eliminate a risk?<br><br></blockquote><div> If these are actually serving content to the world and you have a ftp php application like wordpress does (and Apache does) served from DocumentRoot (or with symlinks outside DocumentRoot and FollowSymlinks allowed, you could have a security issue.<br>
</div></div><br>If you don&#39;t have any website on that server and are not allowing user shell or xterm accounts, you are probably fine.<br>-- <br>(503) 754-4452 Android<br>(623) 239-3392 Skype<br>(623) 688-3392 Google Voice<br>
**<br><a href="http://it-clowns.com" target="_blank"></a>Safeway.com<br>Automation Engineer<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>