/etc/periodic/security/110.neggrpperm problem

Hello,

I have FreeBSD 9.2. I have too big a run of 110.neggrpperm every night.
Code:
        echo 'Checking negative group permissions:'
        MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
        n=$(find -sx $MP /dev/null -type f \
            \( \( ! -perm +010 -and -perm +001 \) -or \
            \( ! -perm +020 -and -perm +002 \) -or \
            \( ! -perm +040 -and -perm +004 \) \) \
            -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
        [ $n -gt 0 ] && rc=1 || rc=0
I changed
Code:
find -sx $MP /dev/null
to
Code:
n=$(find -sx /home/dragon/sites/root.fs /dev/null -type f \
which gives me this result:
Code:
Checking negative group permissions:
61245010 -rwxrw-r-x  1 root  wheel  578 Apr 17 21:39:28 2010 /home/dragon/sites/root.fs/Backup/App/01/App2/hosting/shop/backup.sh
64622896 -rwxrw-r-x  1 root  wheel  418 Aug 19 00:00:27 2009 /home/dragon/sites/root.fs/rdiff-backup-data/increments/System/BACKUP/shop/backup.old.sh.2013-08-29T01:31:01+03:00.snapshot.gz
64622897 -rwxrw-r-x  1 root  wheel  318 Apr 19 11:59:55 2010 /home/dragon/sites/root.fs/rdiff-backup-data/increments/System/BACKUP/shop/backup.sh.2013-08-29T01:31:01+03:00.snapshot.gz
but in the log there are over 10000 files.

Where can I find the problem?

Greetings
Todor Zahariev
 
I am a little bit in doubt about what you want to achieve, please indicate.
  (A) Fixing the "negative group" issues?
  (B) Quieting the script which reports the issues?

In case (A), either add the execute x-flag to the permissions of the group or remove the x-flag from others.

In case (B), add the following line to /etc/periodic.conf
Code:
daily_status_security_neggrpperm_enable="NO"
 
Hello,

How do I do this:

"In case (A), either add the execute x-flag to the permissions of the group or remove the x-flag from others."?

Give me an example.

Greetings,
Todor Zahariev
 
For adding the x-flag to the permissions of the group of a file:
# chmod g+x /home/dragon/sites/root.fs/Backup/App/01/App2/hosting/shop/backup.sh

For removing the x-flag from the permissions of others of a file:
# chmod o-x /home/dragon/sites/root.fs/Backup/App/01/App2/hosting/shop/backup.sh
 
Hello,

After using chmod o-x /home/evoworld/evoworld/j15/www/cache/_system/15b52be95a9a930b0d4cabd52ac0c41e.php there are no changes in the log of 110.neggrpperm:

Code:
77852049 -rw----r--  1 evoworld  evoworld  223621 Jul  4 19:20:40 2013 /home/evoworld/evoworld/j15/www/cache/_system/15b52be95a9a930b0d4cabd52ac0c41e.php
77852050 -rw----r--  1 evoworld  evoworld      10 Jul  4 19:20:40 2013 /home/evoworld/evoworld/j15/www/cache/_system/15b52be95a9a930b0d4cabd52ac0c41e.php_expire

Where can I see the status of security_neggrpperm? Did I make a mistake?

Greetings,
Todor Zahariev
 
t0she3 said:
Code:
77852049 -rw----r--  1 evoworld  evoworld  223621 Jul  4 19:20:40 2013 /home/evoworld/evoworld/j15/www/cache/_system/15b52be95a9a930b0d4cabd52ac0c41e.php
77852050 -rw----r--  1 evoworld  evoworld      10 Jul  4 19:20:40 2013 /home/evoworld/evoworld/j15/www/cache/_system/15b52be95a9a930b0d4cabd52ac0c41e.php_expire

These files have another negative group permissions issue, namely others have read permission while group does not, i.e. others have higher permissions (4) than group (0): 0-4 = -4 (negative).

Either add the r-flag to group:
# chmod g+r /home/evoworld/evoworld/j15/www/cache/_system/15b52be95a9a930b0d4cabd52ac0c41e.php
Or remove the r-flag from others:
# chmod o-r /home/evoworld/evoworld/j15/www/cache/_system/15b52be95a9a930b0d4cabd52ac0c41e.php

t0she3 said:
Where can I see the status of security_neggrpperm?

Run the respective script as user root:
# /etc/periodic/security/110.neggrpperm
 
Hello!

I made a script to change with chmod:

Code:
for _CFG in `cat LOG`; do
	echo "$_CFG"
	chmod o-x "$_CFG"
	chmod o-r "$_CFG"
done

But low joint [ What? -- Mod. ] I get a problem with space strings:
Code:
"/home/evoworld/evoworld/www_j31/images/com_weever/EVO Logo-3 copy.jpg"
space make for 3 pashe.[ What? -- Mod. ]

Before I use /bin/sh, I don't know how to fix the script.
Can you help me?

Greetings,
Todor Zahariev
 
Hello,

I changed the script:

Code:
#!/bin/sh

IFS='
'
for _CFG in `cat LOG`; do
        echo "$_CFG"
        chmod o-x "$_CFG"
        chmod o-r "$_CFG"
done
And everything came out good.

Greetings,
Todor Zahariev
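
An added example, not part of the original thread: a /bin/sh variant of the bulk fix that reads the list line by line, so paths with spaces survive, and removes from "others" only the bits the group lacks instead of always applying o-x and o-r. It goes beyond the thread by also covering the write bit. Assumptions: the list file holds one path per line, and the function names neg_bits and fix_list are hypothetical.

```sh
#!/bin/sh
# Added example: targeted fix for negative group permissions.
# Assumption: the list file has one path per line (no newlines in names).

# neg_bits MODESTRING
# Print the "other" permission letters that the group lacks,
# e.g. "-rwxrw-r-x" -> "x", "-rw----r--" -> "r", "-rw-r--r--" -> "".
neg_bits() {
    g=$(printf '%s' "$1" | cut -c5-7)     # group triplet of the ls mode string
    o=$(printf '%s' "$1" | cut -c8-10)    # other triplet
    bits=
    case "$o" in r??) case "$g" in -??) bits="${bits}r" ;; esac ;; esac
    case "$o" in ?w?) case "$g" in ?-?) bits="${bits}w" ;; esac ;; esac
    # Others have x when ls shows x or t (sticky + x); the group lacks x
    # when its third letter is - or S (setgid without x).
    case "$o" in ??[xt]) case "$g" in ??[-S]) bits="${bits}x" ;; esac ;; esac
    printf '%s' "$bits"
}

# fix_list LISTFILE
# For each listed regular file, drop from "others" exactly the bits the
# group does not have. Prints the number of files changed.
fix_list() {
    changed=0
    while IFS= read -r path; do
        # Regular files only, like the -type f test in 110.neggrpperm;
        # symbolic links are skipped.
        [ -f "$path" ] && [ ! -h "$path" ] || continue
        mode=$(ls -ld -- "$path" | cut -c1-10)
        bits=$(neg_bits "$mode")
        [ -n "$bits" ] || continue        # nothing negative, leave untouched
        chmod -- "o-$bits" "$path" && changed=$((changed + 1))
    done < "$1"
    echo "$changed"
}

# Run as: sh script.sh LOG
if [ "$#" -gt 0 ]; then
    fix_list "$1"
fi
```

Files whose group already has every bit that others have are left alone, so re-running it on the same list is harmless.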
 