Security: Verify That All World-Writable Directories Have Sticky Bits Set

Locate any directories on local partitions that are world-writable and do not have the sticky bit set. The following command finds and prints them; run it once for each local partition, substituting the partition's mount point for PARTITION (the -xdev option keeps find from crossing into other filesystems):

# find PARTITION -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print

If this command produces any output, fix each reported directory /dir using the command:

# chmod +t /dir

When the so-called “sticky bit” is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to the directory may remove any file in it, regardless of who owns the file. Setting the sticky bit therefore prevents users from removing each other’s files. Where there is no reason for a directory to be world-writable at all, the better fix is to remove the world-write permission rather than to set the sticky bit.
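The audit and fix above, wrapped into reusable shell functions, as an added example that is not part of the original post. It assumes only POSIX find, chmod and mktemp; the demo tree it builds under a temporary directory is constructed here so the check can be exercised without touching real system paths, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit a local partition for world-writable directories that
# lack the sticky bit, and optionally set the bit on each one found.
# Assumes POSIX find/chmod/mktemp; nothing here is specific to one distribution.

# Print every directory under $1 (staying on one filesystem, like the original
# command) that is world-writable (-perm -0002) but not sticky (! -perm -1000).
find_unsafe_dirs() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null
}

# Set the sticky bit on each directory find_unsafe_dirs would report under $1.
# Uses -exec ... {} + so paths with spaces are handled without a shell loop.
fix_unsafe_dirs() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -exec chmod +t {} +
}

# Build a constructed demo tree (hypothetical layout, not a real partition):
#   open_nosticky  0777  -> should be reported
#   open_sticky    1777  -> already safe, like /tmp
#   private        0755  -> not world-writable, ignored
# Prints the root of the tree so callers can audit and then remove it.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/open_nosticky" "$demo/open_sticky" "$demo/private"
    chmod 0777 "$demo/open_nosticky"
    chmod 1777 "$demo/open_sticky"
    chmod 0755 "$demo/private"
    printf '%s\n' "$demo"
}

# Walk through the audit on the demo tree: report, fix, re-check, clean up.
demo_audit() {
    root=$(make_demo_tree)
    echo "Unsafe directories before fix:"
    find_unsafe_dirs "$root"
    fix_unsafe_dirs "$root"
    echo "Unsafe directories after fix (expected: none):"
    find_unsafe_dirs "$root"
    rm -rf "$root"
}
```

Run `find_unsafe_dirs /` (and again for each other local mount point) to reproduce the original check; `demo_audit` shows the before-and-after on the constructed tree. Note that fix_unsafe_dirs only adds the sticky bit; deciding whether a directory should be world-writable at all is still a manual review step.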