User's Manual

Solaris 9 Security CX-310-301 57
• Directories
    Read – This allows the directory to be read, but the files cannot be listed
    Write – This allows files to be created, renamed and deleted, regardless of the individual
    permissions set on a file within the directory
    Execute – This allows the directory to be listed
• Files
    Read – This allows a file to be read and copied
    Write – This allows a file to be written, but it should be noted that this permission alone
    does not allow read access as well, nor does it allow a file to be deleted
    Execute – A compiled program can be executed, but a shell script can only be executed if
    read permission is also granted
The Set-Uid and Set-Gid Permissions
In addition to the three categories of permission mentioned above, there are two further permissions that
can cause serious damage if they are not used with extreme caution. When the set-uid permission is set
on a program or shell script, the program runs with the owner's privileges when executed.
Similarly, a program with the set-gid permission runs with the group owner's privileges.
To implement the set-uid permission, use the chmod command, in either symbolic or absolute mode. The
following example shows how to apply the set-uid permission to the script test.sh, which already has a
permission of 755 (or rwxr-xr-x):
# chmod u+s test.sh
# chmod 4755 test.sh
Both of the above commands achieve the same thing.
To implement the set-gid permission for the same script:
# chmod g+s test.sh
# chmod 2755 test.sh
Implications of Lax File and Directory Permissions
The following list contains the potential risks of bad permission management:
• An attacker can install Trojan files easily and gain full control of the system
• The data is open to theft or malicious tampering
• Confidentiality and integrity of the data are compromised
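
An added example, not part of the original manual: a shell function that searches a directory tree for the permissions this section warns about (set-uid and set-gid files, world-writable files and directories). The sample tree and its file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the manual): report risky permissions under a tree.

# audit_perms DIR: print one "LABEL path" line per finding.
audit_perms() {
    # Regular files that run with the file owner's privileges.
    find "$1" -type f -perm -4000 -print | sed 's/^/SETUID /'
    # Regular files that run with the group owner's privileges.
    find "$1" -type f -perm -2000 -print | sed 's/^/SETGID /'
    # Files that any user may modify.
    find "$1" -type f -perm -0002 -print | sed 's/^/WORLD-WRITABLE-FILE /'
    # Directories where any user may create, rename or delete entries.
    find "$1" -type d -perm -0002 -print | sed 's/^/WORLD-WRITABLE-DIR /'
}

# build_sample DIR: constructed sample tree with known modes (hypothetical names).
build_sample() {
    mkdir -p "$1/open" "$1/closed"
    for f in suid.sh sgid.sh plain.sh loose.txt; do
        : > "$1/$f"
        chmod 755 "$1/$f"
    done
    chmod 755 "$1" "$1/closed"
    chmod 777 "$1/open"          # world-writable directory
    chmod 4755 "$1/suid.sh"      # absolute mode: set-uid on top of 755
    chmod g+s "$1/sgid.sh"       # symbolic mode: same result as 2755
    chmod 666 "$1/loose.txt"     # world-writable file
}

# Stand-alone use: audit the directory given as $1, or a constructed sample.
if [ $# -gt 0 ]; then
    audit_perms "$1"
else
    demo="${TMPDIR:-/tmp}/perm_audit_demo.$$"
    mkdir -p "$demo" && build_sample "$demo" && audit_perms "$demo"
    rm -rf "$demo"
fi
```

Run it with a directory argument to audit that tree; each finding should be compared against the list of files that are expected to carry these permissions.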