Join Log in
Score:0
Jananath Banuka avatar Server

How to Remove world write permissions in Linux

cn flag
Jananath Banuka

I got this vulnerability report where it says I Remove world write permissions.

So I tried to find the files with write permissions using the below command:

find / -perm -0002 -type f

And my output looks like below (I have removed most of the output, but all these outputs are for the two directories /proc and /sys

...
/proc/235399/attr/fscreate
/proc/235399/attr/keycreate
/proc/235399/attr/sockcreate
/proc/235399/timerslack_ns
/sys/fs/cgroup/memory/user.slice/user-904374614.slice/user@904374614.service/cgroup.event_control
/sys/fs/cgroup/memory/user.slice/user-904374614.slice/user-runtime-dir@904374614.service/cgroup.event_control
/sys/fs/cgroup/memory/user.slice/user-904374614.slice/cgroup.event_control
/sys/fs/cgroup/memory/user.slice/user-904374614.slice/session-5.scope/cgroup.event_control
/sys/fs/cgroup/memory/user.slice/cgroup.event_control
/sys/fs/cgroup/memory/cgroup.event_control
/sys/fs/cgroup/memory/init.scope/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/rngd.service/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/irqbalance.service/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/systemd-update-utmp.service/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/system-systemd\x2dfsck.slice/systemd-fsck@dev-disk-by\x2duuid-B055\x2dF6D2.service/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/system-systemd\x2dfsck.slice/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/var-log.mount/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/systemd-udevd-control.socket/cgroup.event_control
/sys/fs/cgroup/memory/system.slice/lvm2-monitor.service/cgroup.event_control
...

My question is, is it a good practice to remove the writable permissions for these files? Doesn't it going to affect any running programs to fail?

47
0 + 0
Score:0
avatar Server
in flag
Gerald Schneider

It's completely useless to remove those permissions. /proc and /sys are not permanent filesystems, after the next reboot they are going to be the same again.

0 + 0
Jananath Banuka avatar
cn flag
Jananath Banuka
Are there any paths I should AVOID like this?
0
Reply
in flag
Gerald Schneider
run `mount`. Basically everything that's not a *real* filesystem for storage.
0
Reply
Jananath Banuka avatar
cn flag
Jananath Banuka
So anything that comes out in `mount` can be neglected?
0
Reply
Score:0
avatar Server
fr flag
Tomek

These are files on kernel pseudo-filesystems (procfs and sysfs) which control different kernel behaviors.

The command to use is chmod o-w <filename> but I doubt it would work for the above-mentioned files. And even if it worked - in this specific case it may negatively affect your system stability.

0 + 0
Jananath Banuka avatar
cn flag
Jananath Banuka
Thank you for the explanation. Could you tell me what kind of other paths I should AVOID like this?
0
Reply
fr flag
Tomek
`/dev` for sure. But in most cases Linux distros are properly configured in this regard. You should only be concerned with permissions of your own files which in 99% of the cases should be in your home directory.
0
Reply
Jananath Banuka avatar
cn flag
Jananath Banuka
I used the command `find / -perm -o+w` and now I get a different hit for the `/opt` and `/tmp` directories as well. They seem to be symlinks... Should I worry about these too?
0
Reply
fr flag
Tomek
You didn't say what distro you have, I am on `rpm` based one and it allows you to verify installed files by running `rpm -Va` (as root). Anything with `M` in second column indicates file mode (permissions) was modified since install. I cannot say for sure about `/opt`, for `/tmp` - it depends. It holds temporary files (and sometimes sockets and pipes) and in some cases they need to be world writable. But regular temporary files owned by you which are world writable are a bit suspicious and may require closer look.
0
Reply
Jananath Banuka avatar
cn flag
Jananath Banuka
I have the following: `NAME="Red Hat Enterprise Linux" VERSION="8.5 (Ootpa)" ID="rhel" ID_LIKE="fedora" VERSION_ID="8.5" PLATFORM_ID="platform:el8" PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"`
0
Reply
fr flag
Tomek
Then you can use `rpm` to check for altered files. But please take it with a bit grain of salt, some files WILL change as you configure your system to suit your needs.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.