How do I find out whether all world-writable directories have the sticky bit set on a CentOS Linux server?
If the sticky bit is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to a directory may remove any file in the directory. Setting the sticky bit prevents users from removing each other's files. The /tmp directory always has the sticky bit set.
You can easily locate all directories that are world-writable and do not have the sticky bit set. The following command finds and prints them for the /webroot directory:
# find /webroot -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
If the above command produces any output, fix each reported directory /dir using the chmod command (be careful with the following command, as it changes every reported directory at once):
# find /webroot -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print0 | xargs -0 chmod +t
Or, as a better solution, review each directory and set permissions as required:
# chmod +t /path/to/dir
Personally, I prefer to remove the permission from all such directories except required directories such as /tmp. Also, some applications require world-writable directories. So, if a directory is used by a particular application, consult that application's documentation instead of blindly changing modes using xargs.
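The review-first approach described above can be scripted. The following is an added example, not part of the original article. It assumes a hypothetical decisions file with one "sticky PATH" or "nowrite PATH" line per reviewed directory (absolute paths, no newlines in names); the function names are also made up for this example.

```shell
#!/bin/sh
# Added example: audit first, then change only directories a person reviewed.

# List world-writable directories under $1 that lack the sticky bit
# (same find predicate as the article's command).
list_unsticky() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
}

# Print flagged directories under $1 that have no line in decisions file $2.
unreviewed() {
    list_unsticky "$1" | while IFS= read -r dir; do
        grep -Fqx -e "sticky $dir" -e "nowrite $dir" "$2" ||
            printf '%s\n' "$dir"
    done
}

# Apply decisions file $1. Each directory is re-checked right before the
# change, so entries that are no longer world-writable without the sticky
# bit (or that are not directories, e.g. symlinks) are skipped.
apply_reviewed() {
    while read -r action dir; do
        case $action in ''|\#*) continue ;; esac
        [ -n "$(find "$dir" -prune -type d -perm -0002 ! -perm -1000 \
                -print 2>/dev/null)" ] || continue
        case $action in
            sticky)  chmod +t  -- "$dir" ;;   # keep world-writable, add sticky bit
            nowrite) chmod o-w -- "$dir" ;;   # remove world write permission
            *) printf 'unknown action "%s" for %s\n' "$action" "$dir" >&2 ;;
        esac
    done < "$1"
}
```

Run unreviewed /webroot decisions.txt until it prints nothing you have not looked at, then run apply_reviewed decisions.txt as root.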