Results 1 to 6 of 6
  1. #1
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    881

    Checking for writable directories?

    Hi,

    Anyone know how I could write a script to check the permisions on every directory on my system? I don't want misc users to be able to write files elsewhere and run them.

    Thanks

  2. #2
    Join Date
    Jul 2003
    Location
    India
    Posts
    43
    There are several free scripts available which can be used for testing the system security for permissions. Which control panel do you use in the server. That depends greatly on your system security.

  3. #3
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,889
    Use this command to check if you know find about writable directory permission for everyone:
    Code:
    find /home -type d -perm 0766
    Any question or doubts, use man find to learn more as you might need to change the -perm 0766 to other permission and -type d from directory to -type f for files.

    Hope this helps
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  4. #4
    Join Date
    Jun 2004
    Location
    New York, NY
    Posts
    376
    find / -type f -perm +0002 -exec ls -l {} \;
    find / -type f -perm +0020 -exec ls -l {} \;
    All My Data » From small shared web hosting accounts to powerful dedicated servers.
    Now offering Affordable UNIX shells and IRCd hosting!

  5. #5
    Join Date
    Jul 2003
    Location
    India
    Posts
    43
    find /home -type d -perm 0766

    That's a cool solution. We can have some more modifications.

    The above one will find out the directories with permissions exactly match 0766
    We need to find out the permissions like
    0722, 0755, 0466, 0422, 0477, 0266, 0222, 0277, 0166, 0122, 0177, 071.... Oops!! the list is too long.

    First we will generate the list of the permissions to be checked.
    Code:
    #  I generated all the 3 digit numbers and prefixed a 0 using the following script
     for ((a=100; a <= 777 ; a++)) ;do echo  "0$a">>all  ;done;
    
    # Then removed the impossible permissions.
     cat all |grep -v [89] >perm
    
    # Now sorted out the files ending with permissions 2,3,5,6,7 (which allow others to write)
    cat perm | grep [23567]$ >other_write
     
    # Now I got the files with permissions that I want to check. So I start the check as follows
    # I use one echo find /home -type d -perm $i   so that I can get an idea that which permission is currently checked
     for i in `cat other_write`; do echo  find /home -type d -perm $i ; find /home -type d -perm $i ;done
    
    # Now we can remove the temporary files 
    rm -rf all perm
    
    # I keep other_write for future use
    # In future I can run only for i in `cat other_write`; do   find /home -type d -perm $i ;done
    Now it works fine. :-)

  6. #6
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    881
    Thanks guys, I was thinking it had to be all complex, never thought of the find command

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •