Solaris permission problem (newbie)

Mike Bilow mikebw at colossus.bilow.com
Fri Apr 28 08:41:58 EDT 2000


I don't know what book you're reading, but /tmp and /var/tmp damn well
ought to be mode 1777 or everyone on the system can become root.
Especially on a Solaris machine where the exploit is well known and
publicly available, allowing anything other than 1777 is a recipe for
disaster.  While we're on this subject, /tmp and /var/tmp had also better
be owned by root.root, or similar kinds of bad things will occur.

(Note for the extreme newbie: if you find that "ls -l /tmp" shows you the
contents of /tmp rather than information about the directory itself, this
is because the command you want is "ls -ld /tmp" instead.)

In general, you should not be able to run out of space in /var.  The
difference between /var and /usr is that /var is always understood to be
local (that is, not NFS).  If you need scratch space, you can define a
mount point below /var.  This is common for security reasons, such as
putting /var/log onto WORM media.  Nothing says you have to mount whole
partitions onto the root directly; "mount /dev/hda5 /var/lib" might be
perfectly legal and appropriate if this is how you choose to do things.

-- Mike


On Wed, 19 Apr 2000, Jerry Feldman wrote:

> First, the permission of /var/tmp and /tmp should be 0777.
> RWX for everyone. 
> Secondly, some software hard codes /tmp and /var/tmp and /usr/tmp. 
> 
> If you moved /var/tmp elsewhere, you should make sure it has the correct 
> permissions.
> 
> Also, files in /var/adm generally are read/write by root only. 
> 
> On 19 Apr 2000, at 13:20, John Malloy wrote:
> 
> > 
> > I have a Solaris 2.6 machine at work.
> > 
> > We just rebooted and now are having a permission problem with the files.
> > 
> > Some files were moved out of /var to free up some space for patches.
> > 
> > I have a feeling that this caused the permission problem (especially
> > from /var/tmp).
> > 
> > How does this work?
> > 
> > Any suggestions?
> > 
> > Thanks!
> > 
> > --
> > 
> > John Malloy
> > jdm at world.std.com


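As an added example (not code from this thread or from any of its authors), here is a small POSIX sh audit that does what Mike's "ls -ld" advice describes: it checks that a scratch directory is a real directory, is mode 1777 (shown by ls as drwxrwxrwt, lowercase t meaning sticky bit plus world execute) and is owned by root, and it walks the directories Jerry notes software tends to hard-code. It parses "ls -ld" rather than stat(1) so it also works on an old Solaris box. The assumption it makes is the conventional "ls -ld" field order (mode, link count, owner, group, ...); the optional second argument to check_tmpdir exists only so the check can be exercised on a directory you own.

```sh
#!/bin/sh
# Added example, not from the original mailing-list thread.
#
# check_tmpdir DIR [OWNER]
#   Returns 0 if DIR is a directory with mode 1777 (drwxrwxrwt) owned by
#   OWNER (default root); otherwise prints what is wrong and returns 1.
#   Assumption: "ls -ld" prints "mode links owner group ..." (true on
#   Solaris, Linux and the BSDs).
check_tmpdir() {
    dir=$1
    want_owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi

    # "ls -ld" describes the directory itself rather than listing it, e.g.
    #   drwxrwxrwt  12 root root 4096 Apr 28 08:41 /tmp
    line=$(ls -ld "$dir") || return 1
    set -- $line
    # GNU ls may append "+" (ACL) or "." (SELinux) to the mode string;
    # keep only the ten standard characters.
    mode=$(printf '%s' "$1" | cut -c1-10)
    owner=$3

    status=0
    if [ "$mode" != "drwxrwxrwt" ]; then
        # "drwxrwxrwx" is 0777 (no sticky bit): any user can remove or
        # rename another user's files.  "drwxrwxrwT" is sticky but not
        # world-executable, which breaks ordinary use of the directory.
        echo "$dir: mode is $mode, expected drwxrwxrwt (1777)"
        status=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "$dir: owned by $owner, expected $want_owner"
        status=1
    fi
    return $status
}

# audit_scratch_dirs
#   Checks the directories software commonly hard-codes (/tmp, /var/tmp,
#   /usr/tmp).  A symlink (e.g. /usr/tmp -> /var/tmp) is skipped because
#   the target gets checked on its own.  Returns 1 if any check fails.
audit_scratch_dirs() {
    rc=0
    for d in /tmp /var/tmp /usr/tmp; do
        [ -e "$d" ] || continue            # /usr/tmp may simply not exist
        if [ -L "$d" ]; then
            echo "$d: symlink, checking its target separately"
            continue
        fi
        check_tmpdir "$d" root || rc=1
    done
    return $rc
}

# To run the audit interactively, uncomment the next line; silence means
# every directory passed.  The fix for a failing directory is
#   chmod 1777 DIR && chown root DIR
# audit_scratch_dirs
```

The check deliberately insists on exactly drwxrwxrwt: a looser test such as "is it writable by everyone" would accept 0777, which is the exact configuration Mike warns about.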