Solaris permission problem(newbie)

Jerry Feldman gaf at blu.org
Fri Apr 28 09:31:40 EDT 2000


I generally do not use Solaris, but I had forgotten about the 't' bit for the 
temp directories. I therefore stand corrected. 

While /var is normally expected to be local, on a cluster or dataless 
system, it will be exported and shared. If shared, there are many files 
that are node specific, so the host OS must be able to allow /var to be 
shared (between systems) with some files and directories to be specified 
as node-specific. Additionally, some subdirectories on /var are normally 
shared on large systems. /var/spool/mail is commonly NFS exported by 
the central mail server, but /var/mqueue is normally local. Gets 
complicated. 

On 28 Apr 2000, at 8:41, Mike Bilow wrote:

> I don't know what book you're reading, but /tmp and /var/tmp damn well
> ought to be mode 1777 or everyone on the system can become root.
> Especially on a Solaris machine where the exploit is well known and
> publicly available, allowing anything other than 1777 is a recipe for
> disaster.  While we're on this subject, /tmp and /var/tmp had also better
> be owned by root.root, or similar kinds of bad things will occur.
<snip>
> In general, you should not be able to run out of space in /var.  The
> difference between /var and /usr is that /var is always understood to be
> local (that is, not NFS).  If you need scratch space, you can define a
> mount point below /var.  This is common for security reasons, such as

Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org
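
The settings the quoted message calls for on /tmp and /var/tmp (mode 1777, owned by root) can be checked with a short script. This is an added example, not part of the original message; the function name check_tmpdir and its optional expected-uid argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit scratch directories for mode 1777 and root ownership.
# check_tmpdir DIR [EXPECTED_UID] prints findings and returns 0 only if clean.
# check_tmpdir and EXPECTED_UID (default 0 = root) are hypothetical names; the
# uid argument lets the check run on constructed directories without root.
check_tmpdir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    # The path must be a real directory, not a symbolic link to one.
    if [ -h "$dir" ]; then
        echo "FAIL $dir: is a symbolic link"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi

    # ls -ldn works on both Solaris and Linux; -n prints the numeric uid.
    # Field 1 is the mode string (cut to 10 chars to drop any ACL marker),
    # field 3 is the owner uid.
    info=$(ls -ldn "$dir" | awk '{ print substr($1, 1, 10), $3 }')
    mode=${info% *}
    uid=${info#* }

    case $mode in
        drwxrwxrwt) ;;   # 1777: world-writable with the sticky 't' bit
        drwxrwxrwx) echo "FAIL $dir: world-writable without the sticky bit (0777)"
                    rc=1 ;;
        *)          echo "FAIL $dir: mode $mode, expected drwxrwxrwt (1777)"
                    rc=1 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK   $dir: $mode, owner uid $uid"
    fi
    return "$rc"
}

# Typical use, with the paths named in the thread:
#   for d in /tmp /var/tmp; do check_tmpdir "$d"; done
```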