Recent Changes - Search:

Softwares

.

Main /

SecuringANewLinuxServer

Locate and Remove SUID/SGID's SUID (set user ID) or a SGID (set group ID) program is one that allows an ordinary user to execute it with elevated privileges. 

   chmod +s myfile

The SUID/SGID bit can be removed with, for example, chmod -s

  • Sets the user ID bit on the file "myfile". The command: 
   chmod g+s myfile

STICKY DIRECTORIES 

       When the sticky bit is set on a directory, files in that directory may
       be unlinked or renamed only by  root  or  their  owner.   Without  the
       sticky bit, anyone able to write to the directory can delete or rename
       files.  The sticky bit is commonly found on directories, such as /tmp,
       that are world-writable.
  • To set the sticky bit in a directory, do the following: 
  chmod +t d/tmp


     [root@wordsworth /]# find / -perm -4000
     /bin/ping6
     /bin/umount
     /bin/traceroute6
     /bin/mount
     /bin/traceroute
     /bin/ping
     /bin/su

     [root@wordsworth /]# ll /bin/ping
    -rwsr-xr-x  1 root root 33272 May  4  2006 /bin/ping

Check -rwsr-xr-x

Edit - History - Print - Recent Changes - Search
Page last modified on April 25, 2009, at 04:45 PM