LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-30-2008, 06:08 AM   #1
mccartjd
Member
 
Registered: Apr 2008
Posts: 107

Rep: Reputation: 15
Smile World Writeable System Files


Hello,

As part of a security lockdown procedure, I need to account for many of the world writable system files on an installation.

These files in question here are:

srw-rw-rw- 1 root root 0 May 29 06:41 /etc/httpd/run/acpid.socket

srwxrwxrwx 1 root root 0 May 29 06:42 /etc/httpd/run/dbus/system_bus_socket

srwxrwxrwx 1 htt htt 0 May 29 06:42 /etc/httpd/run/iiim/.iiimp-unix/9010

srwxrwxrwx 1 canna canna 0 May 29 06:42 /etc/httpd/run/.iroha_unix/IROHA

Need these be of concern if httpd is not running? On the Web, I seem to be able to find only obscure references to irona, iiim, etc.

Thank you for any help,
John
 
Old 05-30-2008, 06:40 AM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
You're OK - acpid.socket allows any app to gather ACPI events, and system_bus_socket allows apps to talk to each other over the system bus - both of these should be available to all users.

If you're not running httpd, then there's most likely nothing listening on the other two sockets. You can check with:
Code:
netstat -pan | egrep 'iiimp|IROHA'
.

Dave
 
Old 05-30-2008, 07:10 AM   #3
mccartjd
Member
 
Registered: Apr 2008
Posts: 107

Original Poster
Rep: Reputation: 15
Typed command netstat -pan | egrep 'iiimp|IROHA' and results are below:


unix 2 [ ACC ] STREAM LISTENING 8667 4463/htt_server /va r/run/iiim/.iiimp-unix/9010

unix 2 [ ACC ] STREAM LISTENING 8662 4475/cannaserver /va r/run/.iroha_unix/IROHA

Based on the above what are your first thoughts?

If I'm not using Apache webserver was considering uninstalling the Apache in hopes of removing the httpd directory therefore removing the world writable system "files". I'm very new to LINUX and wondered if removing Apache "httpd -k uninstall" if it will cleanly remove the httpd directory and respective files and result in no damaging reprocutins? Can I just place the files in a directory only accessed by root thereby general users can not access the files (IROHA, 9010, system_bus_socket, acpid.socket)
 
Old 05-30-2008, 07:37 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,990
Blog Entries: 54

Rep: Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743
IIIM appears to be the "Internet/Intranet Input Method" server which Canna ties in to. if you don't write need Kanji etc input methods you could first try to remove iiim/canna and related packages.
 
Old 05-30-2008, 04:09 PM   #5
seraphim172
Member
 
Registered: May 2008
Posts: 101

Rep: Reputation: 15
iiimp and IROHA are not needed by Apache/Httpd, so removing Apache will not affect these in any way. I have Apache running without iiimp and IROHA. I guess they are rather related to canna or something else.

Linux Archive

Last edited by seraphim172; 06-25-2008 at 04:45 AM.
 
Old 05-30-2008, 06:58 PM   #6
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,263

Rep: Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085
Notice the leading "s" in that directory-listing: this means that the entry is a socket.

Now... what's a socket? Well, it's a program-to-program communication port. It's possible for sockets to be denoted by these file-like entries in a directory, but they're not files. The "rwxrwxrwx" does not mean that it's really "a world-writeable file."

You'll also see an "l" (ell) in the first column... once again, a "symbolic link," not a file.
 
Old 06-02-2008, 05:58 AM   #7
mccartjd
Member
 
Registered: Apr 2008
Posts: 107

Original Poster
Rep: Reputation: 15
Great if this is a symbolic link then I will not change the permissions since the focus is on world-writeable file in the /etc directory.

Take care,
John
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
World Writable Files ilago Linux - Security 4 10-06-2007 11:21 PM
LXer: Qemu a Virtualization System for Open Source World LXer Syndicated Linux News 0 06-27-2006 05:54 PM
converting Knoppix into writeable system abrand888 Linux - Distributions 6 05-20-2005 09:28 AM
world writeable files will not stay world writeable antken Mandriva 1 03-02-2004 05:04 PM
What if making /var/mail world-writeable? J_Szucs Linux - Security 4 08-18-2002 09:33 AM


All times are GMT -5. The time now is 12:54 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration