Hi, Anyone can help
My solaris 8 system has the following
/dev/null , /dev/tty and /dev/console
All permission are lrwxrwxrwx
Can this be change to a non-world write ??
any impact ??
All Unix systems have them.
Nope, the initial 'l' tell the remaining permissions are meaningless.
Use "ls -lL" to display the real permissions.
Yes.
I suspect your machine will rapidly crash and probably become unusable unless the O/S fix the broken permission at boot time.
Thank , but what should I reply to my auditors , which they
are asking me to tighten the permission of each (/dev/tty , /dev/null and
/dev/console !!!!
Them them that the files are links and changing permissions will have no effect, the permissions set on the file to which the symlink points control the access rights
Actually not. Changing permissions on a symlink affect the target, not the link, so the chmod would have disastrous effects.
Tell them that they are mistaken in their audit, and they are mistaken in their understanding of how Unix works. /dev/tty is a different device depending on who the user accessing it is. Read and write permissions to /dev/null pose absolutely no security risk.
/dev/console real permissions are already secure.
Note, I did not say running chmod on the link, I said chaning the permissions of the link and was speaking hypotetically. Running chmod on the link would as you said change the file, but there would still be no effect on the link itself: it would still be 777. The point being that changing the link is a pointless exercise, the actual target should be modified directly if this is required for some reason, but I cannot see a reason for changing any of the ones suggested.
No problem. That was indeed hypothetical as AFAIK there is no (simple) command available to change a symbolic link permissions, one good reason being the command would have been useless anyway.
Agreed about it being useless because POSIX requires the permission bits on the link to be ignored and treated as 777, however "chmod -h" will change the permissions of a symlink on systems that allow it (BSD).
Brain running slow today, see update below.
Correct, however Solaris chmod doesn't implement (yet?) that useless option.
I rememberd that after my last post and went to it to make sure I had *finally* remembered correctly.