Hi,
Anyone know how I could write a script to check the permisions on every directory on my system? I don't want misc users to be able to write files elsewhere and run them.
Thanks
Printable View
Hi,
Anyone know how I could write a script to check the permisions on every directory on my system? I don't want misc users to be able to write files elsewhere and run them.
Thanks
There are several free scripts available which can be used for testing the system security for permissions. Which control panel do you use in the server. That depends greatly on your system security.
Use this command to check if you know find about writable directory permission for everyone:
Any question or doubts, use man find to learn more as you might need to change the -perm 0766 to other permission and -type d from directory to -type f for files.Code:find /home -type d -perm 0766
Hope this helps ;)
find / -type f -perm +0002 -exec ls -l {} \;
find / -type f -perm +0020 -exec ls -l {} \;
find /home -type d -perm 0766
That's a cool solution. We can have some more modifications.
The above one will find out the directories with permissions exactly match 0766
We need to find out the permissions like
0722, 0755, 0466, 0422, 0477, 0266, 0222, 0277, 0166, 0122, 0177, 071.... Oops!! the list is too long.
First we will generate the list of the permissions to be checked.
Now it works fine. :-)Code:# I generated all the 3 digit numbers and prefixed a 0 using the following script
for ((a=100; a <= 777 ; a++)) ;do echo "0$a">>all ;done;
# Then removed the impossible permissions.
cat all |grep -v [89] >perm
# Now sorted out the files ending with permissions 2,3,5,6,7 (which allow others to write)
cat perm | grep [23567]$ >other_write
# Now I got the files with permissions that I want to check. So I start the check as follows
# I use one echo find /home -type d -perm $i so that I can get an idea that which permission is currently checked
for i in `cat other_write`; do echo find /home -type d -perm $i ; find /home -type d -perm $i ;done
# Now we can remove the temporary files
rm -rf all perm
# I keep other_write for future use
# In future I can run only for i in `cat other_write`; do find /home -type d -perm $i ;done
Thanks guys, I was thinking it had to be all complex, never thought of the find command :D