Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Any easy way to remove world-writable bit (change permission) on Netbackup 6.5.4 files in Solaris?

Created: 28 Dec 2010 | 3 comments

There are many NetBackup 6.5.4 files have world-writeable permission in Solaris. Is there any easy fix to make all NetBackup files without any world-writeabel permission.

Comments 3 CommentsJump to latest comment

Marianne's picture

Please give examples?

I have found that there are hardly any files/folders that have write permission for 'other', even for root. Two of the very few folders that have 777 permissions are in /usr/openv/netbackup/logs - user_ops and nbliveup. user_ops certainly needs write permission for all users.

Most binaries in netbackup/bin and volmgr/bin have 500 (-r-x------   1 root     bin) permissions, the rest (including  admincmd) have 555 permissions (-r-xr-xr-x) - no write permission.

So, I certainly don't see any unusual amount of write permission for all users.

Did someone in your environment perhaps do a recursive chmod?

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

dododo..'s picture

 I certainly see 777 permissions in  /usr/openv/netbackup/logs - user_ops and nbliveup. user_ops on my end as well.  Are those files "have to" be 777?

Here are some my examples in other directories with 777. (I had confirmed that no one did chmod), they are:

opt/openv/var/global/device_mappings.txt

/opt/openv/var/vnetd/bpversion_touch.txt

/opt/openv/volmgr/bin/SHARED_DRIVE_CALLED

/opt/openv/volmgr/debug/acsssi/event.log

/opt/openv/var/global/device_mappings.txt

/opt/openv/var/nbproxy_nbsl-ServiceManagementEx-1.ior.mgr

/opt/openv/var/nbproxy_nbsl-ServiceManagementEx-10.ior.mgr

The fact is -- our media server(s) went through many upgrades. I heard NBU6.5.6 will not generate 777 files anymore. If this is a true statement, does this mean if I have a clean installation of 6.5.6 (no previous historical files or directories) on a server, I won't find any 777 files in any NBU directories?

Will Restore's picture

  /usr/openv/netbackup/db/images/*.lck

  /usr/openv/netbackup/vault

  /usr/openv/pack

 

we run a script to remove world-write permissions for hardening but some of these reverted

Will Restore -- where there is a Will there is a way