Hello, everyone..I running Sun Solaris 8 and I wanted to know all the directories/files with SGID and SUID bit set. So I ran a find on 02000 and 04000 to find all files and directories with sgid/suid bit set...I saw the list and I wanted to know how can I determine what files/directories are needed by the sgid/suid for the OS to run properly...What I want are the files/directories that don't need the bit set. How can I determine what to change and what not to change????
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SGID and SUID Bit issue 1
- Thread starter menace212
- Start date
-
1
- #3
There is a program called fix-modes, written by Casper Dik. It will go through and remove all uneccesary SGID and SUID files on your system. I have used it plenty of times it is a great program. Google for it, I think Sun also has a link to it from there webpage.
- Thread starter
- #5
- Thread starter
- #6
I uninstalled the package and I attempted to run fix-modes, but it gave me an error of it could not find secure-modes...There is a secure-modes file but it's in C.Do I have to run the secure-modes c program first..How do I go about running fix-modes....
needs to be compiled first - get back to google
quoted from
"The Solaris OE ships with some file system permissions that should be
adjusted for security reasons. Many files and directories have the group
write bit set. In most instances, this permission is not necessary and
should be switched off. Casper Dik has created a tool to adjust these
permissions. The tool is called fix-modes and can be downloaded from:
ftp://ftp.wins.uva.nl/pub/solaris/fix-modes.tar.gz
Please note that this tool is not supported by Sun. The fix-modes program
must be compiled on a Solaris OE system with a C compiler. Once compiled,
install the fix-modes files and execute it to correct file system
permissions. This tool has been used in production environments for
several years with no reported problems. Be careful when installing
patches and new packages. These may set permissions back to the original
state. fix-modes should be executed after all packages are installed and
all patches are applied. "
HTH,
p5wizard
quoted from
"The Solaris OE ships with some file system permissions that should be
adjusted for security reasons. Many files and directories have the group
write bit set. In most instances, this permission is not necessary and
should be switched off. Casper Dik has created a tool to adjust these
permissions. The tool is called fix-modes and can be downloaded from:
ftp://ftp.wins.uva.nl/pub/solaris/fix-modes.tar.gz
Please note that this tool is not supported by Sun. The fix-modes program
must be compiled on a Solaris OE system with a C compiler. Once compiled,
install the fix-modes files and execute it to correct file system
permissions. This tool has been used in production environments for
several years with no reported problems. Be careful when installing
patches and new packages. These may set permissions back to the original
state. fix-modes should be executed after all packages are installed and
all patches are applied. "
HTH,
p5wizard
KenCunningham
Technical User
If you haven't a C compiler at the moment, get gcc from
Yes, you need a C compiler follow KenCunningham's advice and get gcc. Also after you compile it place fix-modes and secure-modes in the same directory, the fix-modes is a wrapper script for secure-modes. Also from now on when you install patches you will want to run fix-modes -u first to undo changes, then re-run it after patch installation. The cluster patches will set the permissions and files back and mess up the fix-modes config. You can look at the files it changes under /var/sadm/install/contents.mods I believe.
- Status
Similar threads
- Locked
- Question
- Locked
- Question