Forum Discussion

FileSecChecker's avatar
FileSecChecker
Level 2
11 years ago

Default File Permissions

On an 11.3 HP-UX system, I noted that the following files gave "world" RWX or RW- permissions

/etc/vx/.vxesd.lock
/etc/vx/dmpevents.log
/etc/vx/cbr
/etc/vx/vold_inquiry/socket
/etc/vx/vold_request/socket
/etc/vx/vold_diag/socket
/etc/vx/cbr
/etc/vx/cbr/bk
 

Is there any reason why these permissions are needed for world or can a more restricte set of permissions be used (e.g., read only or none)?

Thank you

Best Practice
business continuity
HP-UX
Storage Foundation
  • Gaurav_S's avatar
    Gaurav_S
    11 years ago

    Hi,

    All the files/directories mentioned above are exclusive used by veritas volume manager & all the veritas volume related operations are done by root user or user with root equivalent privileges. The daemons or processes writing to these files would be either of 

    vxconfigd

    vxconfigbackupd

    vxesd

    vxrelocd

    vxnotify

    If we look at owners of all these daemons its root:sys. So I would assume it would be OK to reduce write permissions other than root.

    However, to be on safe side, I would recommend to try this on a test machine just to ensure nothing breaks after modifying the persmissions.

    G

2 Replies

Sort By
  • Gaurav_S's avatar
    Gaurav_S
    Moderator
    11 years ago

    Hi,

    All the files/directories mentioned above are exclusive used by veritas volume manager & all the veritas volume related operations are done by root user or user with root equivalent privileges. The daemons or processes writing to these files would be either of 

    vxconfigd

    vxconfigbackupd

    vxesd

    vxrelocd

    vxnotify

    If we look at owners of all these daemons its root:sys. So I would assume it would be OK to reduce write permissions other than root.

    However, to be on safe side, I would recommend to try this on a test machine just to ensure nothing breaks after modifying the persmissions.

    G