jack@linus.claremont.edu (12/24/90)
In article <1071@toaster.SFSU.EDU>, eps@toaster.SFSU.EDU (Eric P. Scott) writes:
> In article <1990Dec21.184328.1@linus.claremont.edu>
> jack@linus.claremont.edu writes:
>>I found my mistake. For future reference the /private/spool and the /private/tmp
>>should have 777 protection on them.
>
> Is this some new 2.0 breakage? What does WriteNow need in
> /private/spool, and why can't /tmp be 1777?
>
> (I assume I don't need to explain why 777 is a security hole.)
>
> -=EPS=-

You are right. The protection on /private/tmp should be 1777 and not 777. /private/spool has a number of subdirectories (such as mail and NeXT-Faxes) that should also be set to 1777 but the top level directory probably should not be.

I spend most of my time on VMS systems so I am ignorant of many Unix security issues. I didn't know what the sticky bit did so I looked it up (Unix System Administration --- Nemeth, Snyder, and Seebass). Apparently what the sticky bit does varies from system to system but on the NeXT on the /private/tmp directory, it probably means that only the owner of the file can modify or delete it (and, of course, so can the superuser).

Could you please explain why 777 is a security hole on /private/spool? I know that there are a few Unix rookies (besides myself) on this newsgroup that don't know the answer. I have a few wild guesses but they are just that.

Thanks,

---Jack

Jack Stewart            Jack@Hmcvax (Bitnet)
Academic Computing,     jack@hmcvax.claremont.edu (Internet)
Harvey Mudd College,    jack@fozzie.claremont.edu (NeXT-Mail)
Claremont, Ca. 91711    714-621-8006
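
The 777-versus-1777 distinction discussed in the post above can be checked from the mode bits alone. This is an added example, not part of the original thread: the function names and the sample tree are constructed for illustration, and the tree is built under a temporary directory rather than the real /private.

```shell
#!/bin/sh
# Added example: tell apart 777 and 1777 directories (mode bits only).

# classify_dir DIR -> prints "open" (world-writable, no sticky bit),
# "sticky" (world-writable with sticky bit) or "restricted".
classify_dir() {
    [ -d "$1" ] || { echo "not-a-directory"; return 2; }
    if [ -z "$(find "$1" -prune -perm -0002 -print)" ]; then
        echo "restricted"
    elif [ -n "$(find "$1" -prune -perm -1000 -print)" ]; then
        echo "sticky"
    else
        echo "open"
    fi
}

# find_open_dirs ROOT... -> every directory below the roots that any user
# can write to and that lacks the sticky bit, i.e. where one user can
# delete or rename another user's files.
find_open_dirs() {
    find "$@" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Constructed sample tree mirroring the layout named in the thread.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/private/tmp" "$root/private/spool/mail" \
             "$root/private/spool/NeXT-Faxes"
    chmod 1777 "$root/private/tmp" "$root/private/spool/mail"
    chmod 777  "$root/private/spool/NeXT-Faxes"   # the mistake to catch
    chmod 755  "$root/private/spool"
    echo "$root"
}

demo() {
    tree=$(make_sample_tree) || return 1
    for d in tmp spool spool/mail spool/NeXT-Faxes; do
        printf '%-18s %s\n' "$d" "$(classify_dir "$tree/private/$d")"
    done
    echo "needs chmod 1777:"
    find_open_dirs "$tree" | sed "s|^$tree||"
    rm -rf "$tree"
}
demo
```

Pointing find_open_dirs at a real directory such as /private lists the directories that would need chmod 1777, or a tighter mode if they do not need to be world-writable at all.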