/tmp chmod setting

jethbrown · #1 06-28-2006, 09:03 PM

What setting should this be? I had it 1777 and I was getting the eggdrop problem in it, I made it 0755 and it secured it, but to well. Now phpmyadmin won't work, I put it back to 1777 or 0777 and phpmyadmin works just fine. I have it noexec and on another partition as suggested in many places in the forums.

eth00 · #2 06-28-2006, 09:30 PM

0777 or 0755 will not help prevent and eggdrop from running. What will stop an eggdrop is the noexec. Go ahead and set it to chmod 0777 and it will be fine. The only thing you have to watch for is perl scripts getting uploaded and run which tends to happen frequently if your server is not hardened against such attacks.

Bilco105 · #3 06-29-2006, 04:39 AM

Make sure /tmp is mounted noexec, nosuid.

pmabraham · #4 06-29-2006, 09:51 AM

Greetings:

chmod 0777 /tmp
chmod +t /tmp

Plus securing /tmp

Please note that /tmp security ** does not ** mean that hackers will not be able to use /tmp for their own benefit. That's why multiple layers of security such as securing your compilers, fetch like programs, using mod_security, and other layers matter so much.

Thank you.

Ramprage · #5 06-29-2006, 11:00 AM

Sometimes it's not just /tmp that's the issue, an attacker will find an exploitable script in a users directory and upload files to it. Nobody Check can help find malicious processes running appearing to be something else, eg: Apache, Sendmail or other daemons.

gbjbaanb · #6 06-30-2006, 01:28 PM

why does NobodyCheck require cpanel?

Please bear in mind that some processes, eg. logrotate, will break if you secure your /tmp, so you'll need to specify a differnet temp directory for them to use.