From Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Part of SRG-OS-999999
Associated with: CCI-000366
Failing to set the sticky bit on public directories allows unauthorized users to delete files in the directory structure.
To find world-writable directories that lack the sticky bit, run the following command for each local partition [PART]: # find [PART] -xdev -type d -perm -002 \! -perm -1000 If any world-writable directories are missing the sticky bit, this is a finding.
When the so-called 'sticky bit' is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to a directory may remove any file in the directory. Setting the sticky bit prevents users from removing each other's files. In cases where there is no reason for a directory to be world-writable, a better solution is to remove that permission rather than to set the sticky bit. However, if a directory is used by a particular application, consult that application's documentation instead of blindly changing modes. To set the sticky bit on a world-writable directory [DIR], run the following command: # chmod +t [DIR]
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer