Re: Question about rwxrwxrwx files and/or dirs

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: Question about rwxrwxrwx files and/or dirs
Hi Joe,

On Wed, Aug 8, 2012 at 7:08 PM, <> wrote:

>
> Question about rwxrwxrwx files and/or dirs
>
> Lisa's reply to Keith prompted me to wonder if I perhaps had any rwxrwxrwx
> files or drwxrwxrwx directories on my system that might be a security
> risk. So, while I don't know how to search the entire hard disk for such
> files, I used variants of the following syntax to search for some.
>
> $ ls -ltr */* | fgrep rwxrwxrwx
> srwxrwxrwx 1 joe joe 0 Aug 7 11:35 mysql.socket=
>
> Another similar found this:
> srwxrwxrwx 1 joe joe 0 Aug 7 11:35 tmp/akonadi-joe.nMNQOV/mysql.socket=
>
> Another similar found this: /home/joe/mydata/graphics/psp
> drwxrwxrwx 3 joe    4096 Dec 12  2003 Freebies

>
> Another similar found a whole lot of: lrwxrwxrwx
>
> Do any of these suggest a security risk?
> Is there a better way to search more comprehensively for others?
> What, if anything, could I or should I do to eliminate a risk?
>
> If these are actually serving content to the world and you have a ftp php

application like wordpress does (and Apache does) served from DocumentRoot
(or with symlinks outside DocumentRoot and FollowSymlinks allowed, you
could have a security issue.

If you don't have any website on that server and are not allowing user
shell or xterm accounts, you are probably fine.
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
<http://it-clowns.com>Safeway.com
Automation Engineer
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss