Never make files world-writable, search for world-writable files in the current directory.
find . -perm -2 -print
Find directory with 777 permission.
find . -type d -perm 777search for suid and sgid files.
find / -type f -perm +6000 -lssearch the /dev directory for world writable files.
find /dev -perm -2 -printTo find all files for particular user
find / -user nobody -ls (where nobody is the username)
To locate all world-writable files on your system, use the following command:
root# find / -perm -2 ! -type l -ls
In the normal course of operation, several files will be world-writable, including some from /dev, and symbolic links, thus the "! -type l" which excludes these from the previous find command.
SUID commands
The SUID mechanism allow ordinary users to temporarily access some files with the rights of file's owner.
For example it is possible (by passwd command) to change his password, writing in /etc/passwd which is owned by root, because /bin/passwd is executable by anybody but SUID for root ; when executing passwd the real user id (user who runs the command) is different from the effective user id (root) necessary to write in /etc/passwd
SUID is indicated by a 's' in place of 'x' for the owner-execute permission : -rwsr-xr-x
in octal notation a SUID program is indicated by 04???
SGID is similar for the group permissions : 02???
Setting permission correctly.
You can use these commands to set 755 on directories and 644 on files
find -type f -exec chmod 644 {} \;
find -type d -exec chmod 755 {} \;
ليست هناك تعليقات:
إرسال تعليق