Solved: Default File Permissions

FileSecChecker · ‎10-13-2013

On an 11.3 HP-UX system, I noted that the following files gave "world" RWX or RW- permissions

/etc/vx/.vxesd.lock
/etc/vx/dmpevents.log
/etc/vx/cbr
/etc/vx/vold_inquiry/socket
/etc/vx/vold_request/socket
/etc/vx/vold_diag/socket
/etc/vx/cbr
/etc/vx/cbr/bk

Is there any reason why these permissions are needed for world or can a more restricte set of permissions be used (e.g., read only or none)?

Thank you

Gaurav_S · ‎10-14-2013

Hi,

All the files/directories mentioned above are exclusive used by veritas volume manager & all the veritas volume related operations are done by root user or user with root equivalent privileges. The daemons or processes writing to these files would be either of

vxconfigd

vxconfigbackupd

vxesd

vxrelocd

vxnotify

If we look at owners of all these daemons its root:sys. So I would assume it would be OK to reduce write permissions other than root.

However, to be on safe side, I would recommend to try this on a test machine just to ensure nothing breaks after modifying the persmissions.

G

View solution in original post

Gaurav_S · ‎10-14-2013

Hi,