File security
Follow the guidelines below when you are creating, copying,
and moving files.
The list also includes security tips related to your startup scripts.
-
When you create a file or directory, your umask determines the
permissions given to the file or directory. For information
about
umask(C)
see
``Setting the default permissions for a new file''.
Newly created files and directories should only be accessible by you
(the owner) or the group.
If you wish to share files with other users, change the permissions
on those files individually.
-
When you use
cp(C)
to copy an SUID file owned by someone else, the
SUID bit is reset. (This is a security precaution.)
Note that when you execute a SUID file, it has access
to all your files and directories.
-
When you use cp to copy a file so
as to create a new file, the new file
takes the permissions of the original file.
Remember to check the permissions of the new file and,
if necessary, change them using the
chmod(C)
command.
-
Remember that temporary directories are world-readable.
-
Use
ls(C)
to check the permissions on your shell, mailer, startup
files, and home directory.
If the files can be read and modified by other users, change
the permissions using chmod so that only you have access
to them. If the directory can be executed by other users, those
users can cd to it; if the directory can be written to
by other users, they can remove files within it. Change the
permissions on your home directory so that only you have write or
execute permissions on it.
-
Make certain that sensitive files are not publicly readable.
Next topic:
Security for files in sticky directories
Previous topic:
If you are allowed to change your password
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005