Solaris / OpenSolaris
This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225
Solaris 9 - /etc/system permissions
Hi,
This is probably opening up a whole can of worms about the permissions of a lot of files in /etc, but anyway...
Given what the /etc/system file is, and that according to the man page:
Code:
$ man -s 4 system
[...]
NOTES
The /etc/system file is read only once, at boot time.
SunOS 5.9 Last change: 18 Feb 2003 4
I was surprised to find the permissions on this file set as such:
Code:
$ ls -l /etc/system
-rw-r--r-- 1 root sys 2320 Jun 10 22:47 /etc/system
I just don't see any good reason why this file would be world readable. Actually, I don't see any real reason why this file doesn't have permissions of 0400. Is there any reason I can't chmod it 0400?
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Quote:
Originally Posted by SteveK1979
I just don't see any good reason why this file would be world readable. Actually, I don't see any real reason why this file doesn't have permissions of 0400.
I agree with jschiwal. The settings done in this file are of interest for several applications so making it unreadable for them would be a regression.
I don't understand why you want this file to be read-only. It has no security data in it.
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225
Original Poster
Quote:
Originally Posted by jlliagre
I agree with jschiwal. The settings done in this file are of interest for several applications so making it unreadable for them would be a regression.
I don't understand why you want this file to be read-only. It has no security data in it.
I was just using the method of applying least privilege to the system. It does hold critical system information, and you can also consult this file to see if, for example, a non-executable stack is enabled on the system. But I guess it's not really a source of security information.
What programs would you expect to see querying this file?
You might try using the strings command and see if programs have the string "/etc/system" in them. Also use lsof to see if any program has the file open.
It might be the case that items that might be in the file would be available using one of the getconf commands, and only a poorly written program would access them. A config script on the system itself or maybe a ./configure script generated by autoconf might check for certain values. It could be that even if they do, they might be checking for changes that you haven't made, or just make a mistake guessing on default capabilities. Even such a system script will probably be run as root. I don't think changing the permissions would hurt anything. I don't know if any information in it wouldn't be available in another way, or be something that you really need to protect.
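The check suggested in the last reply, written out as an added example (not part of any poster's message): before changing the mode, record whether the file is world-readable and list which files contain its path as a literal string. The function names, the sandbox layout and the sample file contents are constructed for illustration; the script assumes a POSIX sh and a grep that supports -F and -l.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes POSIX sh, ls, cut, find and a
# grep that supports -F and -l.

# True if "other" has read permission: 8th character of the ls mode string.
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# List regular files under the given directories that contain the literal
# path $1 (the same signal as running strings on each binary and grepping).
refs_to_path() {
    needle=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -exec grep -l -F -- "$needle" {} + 2>/dev/null || true
    done
}

# Report the current exposure of $1 and what might break if it is tightened.
audit() {
    target=$1; shift
    if world_readable "$target"; then
        echo "$target: world-readable"
    else
        echo "$target: not world-readable"
    fi
    hits=$(refs_to_path "$target" "$@")
    if [ -n "$hits" ]; then
        echo "files that mention $target (check which user runs them):"
        echo "$hits"
    else
        echo "no file under $* mentions $target"
    fi
}

if [ $# -gt 0 ]; then
    audit "$@"      # e.g. sh audit.sh /etc/system /usr/bin /usr/sbin
else
    # Constructed sandbox so the script runs anywhere without touching /etc.
    d="${TMPDIR:-/tmp}/sysaudit.$$"
    mkdir -p "$d/bin"
    printf 'set noexec_user_stack=1\n' > "$d/system"; chmod 644 "$d/system"
    printf '\001\002open\000%s\000' "$d/system" > "$d/bin/reader"
    printf 'unrelated\n' > "$d/bin/other"
    audit "$d/system" "$d/bin"
    rm -rf "$d"
fi
```

A file that mentions the path only matters if it is run by a non-root user, since root can still read a 0400 file owned by root.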