LinuxQuestions.org
07-10-2007, 06:40 PM   #1
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL5/6, Solaris 10/11, NetBSD, OpenBSD, FreeBSD, MacOS
Posts: 221

Rep: Reputation: 40
Solaris 9 - /etc/system permissions


Hi,

This is probably opening up a whole can of worms about the permissions of a lot of files in /etc, but anyway...

Given what the /etc/system file is, and that according to the man page:
Code:
$ man -s 4 system
[...]
NOTES
     The /etc/system file is read only once, at boot time.

SunOS 5.9           Last change: 18 Feb 2003                    4
I was surprised to find the permissions on this file set as such:
Code:
$ ls -l /etc/system
-rw-r--r--   1 root     sys         2320 Jun 10 22:47 /etc/system
I just don't see any good reason why this file would be world readable. Actually, I don't see any real reason why this file doesn't have permissions of 0400. Is there any reason I can't chmod it 0400?

If it can be changed, does ASET pick this up?

Cheers,
Steve
 
07-10-2007, 08:00 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Would some program possibly look for changes from defaults during startup?

They probably would use getconf instead unless changes made in the /etc/system file wouldn't be reflected. That may not be the case.
 
07-10-2007, 10:17 PM   #3
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,505

Rep: Reputation: 360
Quote:
Originally Posted by SteveK1979
I just don't see any good reason why this file would be world readable. Actually, I don't see any real reason why this file doesn't have permissions of 0400.
I agree with jschiwal. The settings done in this file are of interest for several applications so making it unreadable for them would be a regression.
I don't understand why you want this file to be read-only. It has no security data in it.

Last edited by jlliagre; 07-10-2007 at 10:18 PM.
 
07-12-2007, 08:27 AM   #4
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL5/6, Solaris 10/11, NetBSD, OpenBSD, FreeBSD, MacOS
Posts: 221

Original Poster
Rep: Reputation: 40

Quote:
Originally Posted by jlliagre
I agree with jschiwal. The settings done in this file are of interest for several applications so making it unreadable for them would be a regression.
I don't understand why you want this file to be read-only. It has no security data in it.
I was just using the method of applying least privilege to the system. It does hold critical system information, and you can also consult this file to see if, for example, a non-executable stack is enabled on the system. But I guess it's not really a source of security information.

What programs would you expect to see querying this file?

Cheers,
Steve
 
07-12-2007, 03:14 PM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You might try using the strings command and see if programs have the string "/etc/system" in them. Also use lsof to see if any program has the file open.

It might be the case that items that might be in the file would be available using one of the getconf commands, and only a poorly written program would access them. A config script on the system itself or maybe a ./configure script generated by autoconf might check for certain values. It could be that even if they do, they might be checking for changes that you haven't made, or just make a mistake guessing on default capabilities. Even such a system script will probably be run as root. I don't think changing the permissions would hurt anything. I don't know if any information in it wouldn't be available in another way, or be something that you really need to protect.
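
The check suggested in post #5, written out as an added example that is not part of the original thread: before tightening the mode on /etc/system, list which files embed its path and whether anything has it open. The function names (world_readable, has_string, refs_path, open_by) and the directory passed on the command line are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit readers of a config file before changing its mode.

# world_readable FILE -> exit 0 if the "other" read bit is set on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# has_string FILE STRING -> exit 0 if FILE embeds the literal STRING.
# Uses strings(1) as suggested in the thread; falls back to grep on raw bytes.
has_string() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1" 2>/dev/null | grep -F -- "$2" >/dev/null
    else
        grep -F -- "$2" "$1" >/dev/null 2>&1
    fi
}

# refs_path DIR STRING -> print every regular file under DIR that embeds STRING.
refs_path() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        if has_string "$f" "$2"; then printf '%s\n' "$f"; fi
    done
}

# open_by FILE -> list processes that currently hold FILE open (needs lsof).
open_by() {
    if command -v lsof >/dev/null 2>&1; then
        lsof "$1" 2>/dev/null
    else
        echo "lsof not installed; skipping open-file check" >&2
        return 2
    fi
}

# Usage: sh audit.sh /etc/system /usr/sbin   (both paths are the caller's choice)
if [ $# -ge 2 ]; then
    if world_readable "$1"; then echo "$1 is world-readable"; fi
    echo "Files under $2 that embed the path $1:"
    refs_path "$2" "$1"
    echo "Processes holding $1 open right now:"
    open_by "$1" || true
fi
```

A literal-string scan misses programs that build the path at run time, and lsof only shows processes that have the file open at the moment it runs, so an empty result does not prove that nothing reads the file.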
 