Results 1 to 6 of 6
-
11-30-2004, 01:40 PM #1Web Hosting Master
- Join Date
- Nov 2003
- Location
- Canada
- Posts
- 881
Checking for writable directories?
Hi,
Anyone know how I could write a script to check the permisions on every directory on my system? I don't want misc users to be able to write files elsewhere and run them.
Thanks
-
11-30-2004, 02:27 PM #2Junior Guru Wannabe
- Join Date
- Jul 2003
- Location
- India
- Posts
- 43
There are several free scripts available which can be used for testing the system security for permissions. Which control panel do you use in the server. That depends greatly on your system security.
Praveen
http://slashome.com
-
11-30-2004, 02:48 PM #3Retired Moderator
- Join Date
- Jul 2001
- Location
- Singapore
- Posts
- 1,889
Use this command to check if you know find about writable directory permission for everyone:
Code:find /home -type d -perm 0766
Hope this helpsGiam Teck Choon
:: Join choon.net Community today to share your tips and tricks on server issues please ::
:: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::
-
11-30-2004, 03:56 PM #4Aspiring Evangelist
- Join Date
- Jun 2004
- Location
- New York, NY
- Posts
- 376
find / -type f -perm +0002 -exec ls -l {} \;
find / -type f -perm +0020 -exec ls -l {} \;All My Data » From small shared web hosting accounts to powerful dedicated servers.
Now offering Affordable UNIX shells and IRCd hosting!
-
11-30-2004, 04:36 PM #5Junior Guru Wannabe
- Join Date
- Jul 2003
- Location
- India
- Posts
- 43
find /home -type d -perm 0766
That's a cool solution. We can have some more modifications.
The above one will find out the directories with permissions exactly match 0766
We need to find out the permissions like
0722, 0755, 0466, 0422, 0477, 0266, 0222, 0277, 0166, 0122, 0177, 071.... Oops!! the list is too long.
First we will generate the list of the permissions to be checked.
Code:# I generated all the 3 digit numbers and prefixed a 0 using the following script for ((a=100; a <= 777 ; a++)) ;do echo "0$a">>all ;done; # Then removed the impossible permissions. cat all |grep -v [89] >perm # Now sorted out the files ending with permissions 2,3,5,6,7 (which allow others to write) cat perm | grep [23567]$ >other_write # Now I got the files with permissions that I want to check. So I start the check as follows # I use one echo find /home -type d -perm $i so that I can get an idea that which permission is currently checked for i in `cat other_write`; do echo find /home -type d -perm $i ; find /home -type d -perm $i ;done # Now we can remove the temporary files rm -rf all perm # I keep other_write for future use # In future I can run only for i in `cat other_write`; do find /home -type d -perm $i ;done
Praveen
http://slashome.com
-
11-30-2004, 04:44 PM #6Web Hosting Master
- Join Date
- Nov 2003
- Location
- Canada
- Posts
- 881
Thanks guys, I was thinking it had to be all complex, never thought of the find command