GeodSoft

Ten Practical Security Steps
Access Permissions

4. Take full advantage of file system access permissions and user groups to limit access to resources on a need-to-use-only basis.

Some systems by default allow ordinary users access to nearly everything. Most place some restrictions on what users can access. All are too liberal about what ordinary users can access. Users are frequently prevented from updating key system components, but except for the most sensitive files, users on most default installs are allowed to see all kinds of things, including most of the system configuration information, which they have no reason to need access to.

Files that are run at startup or from the system scheduler (as the system or administrator) should never be writeable by anyone but the administrative user or root. It is preferable that these not be readable or executable by anyone but the administrative user or those authorized to use the administrative password.

Scripts on any system that are likely to be run by root or the administrator should never be writeable by anyone but root or the administrator. When a script is executed by root or an administrator, it and all programs or scripts run from it run with full privileges. Any user who can write to these files can have anything they want run with full privileges simply by adding a line. This is probably the easiest way for a non-privileged user to gain administrative privileges, as it requires almost no technical skill and no operating system bug; it only requires a little carelessness by an administrator. Startup files are guaranteed to be run sooner or later and scheduled jobs can be counted on, but anything run by the administrative user will do; it is only less predictable when the damage will be done.

On all systems there is no reason for compiled executables to be writeable by anyone after they are installed. Locally developed and modified scripts will need to be writeable by the administrative user; if they are never run at startup, via the system scheduler or by root, they may be writeable by development staff.

Files or directories that are world writeable are highly suspect on any system. On UNIX

find / -perm -002 -exec ls -ld {} \;

will identify any world writeable files and directories (the leading dash in -perm -002 matches any file whose world write bit is set, rather than only files whose mode is exactly 002, and ls -ld lists a matching directory itself instead of its contents). It should not be necessary to pipe this to less, as there should be no output.
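The script-permission rule above, as an added audit script that is not from the original page: it reports regular files in a tree of startup or scheduler scripts that anyone other than their expected owner could modify (wrong owner, group write bit, or world write bit), so it is stricter than the single find command, and exercises itself on a constructed temporary tree. It assumes only POSIX sh and find; the current user stands in for root so the demo runs unprivileged, and the demo files are constructed, not real system paths.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes POSIX sh and find only.
#
# audit_writable OWNER DIR...
# Lists regular files under DIR... that someone other than OWNER could modify:
#   WRONG_OWNER path   owned by another user, who can rewrite it at will
#   GROUP_WRITE path   group write bit set (mode & 020)
#   OTHER_WRITE path   world write bit set (mode & 002)
# Returns 0 when nothing is found, 1 when at least one problem is printed.
# Only regular files are examined, so sticky directories such as /tmp are
# not reported.
audit_writable() {
    owner=$1
    shift
    findings=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            find "$dir" -type f ! -user "$owner" -print | sed 's/^/WRONG_OWNER /'
            find "$dir" -type f -perm -020 -print | sed 's/^/GROUP_WRITE /'
            find "$dir" -type f -perm -002 -print | sed 's/^/OTHER_WRITE /'
        done | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree (temporary files, not real startup scripts) so the
# audit can be exercised offline by an unprivileged user. Prints its path.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho ok\n' > "$demo/rc.local"
    cp "$demo/rc.local" "$demo/backup.sh"
    cp "$demo/rc.local" "$demo/cleanup.sh"
    chmod 0755 "$demo/rc.local"     # owner write only: acceptable
    chmod 0775 "$demo/backup.sh"    # group writable: one finding
    chmod 0777 "$demo/cleanup.sh"   # world writable: group and other findings
    printf '%s\n' "$demo"
}

demo_dir=$(make_demo_tree) || exit 1
# The current user stands in for root here; on a real system pass "root".
if audit_writable "$(id -un)" "$demo_dir"; then
    echo "no writable startup scripts found"
else
    echo "fix the files listed above before they are run with privileges"
fi
rm -rf "$demo_dir"
```

On a real system call audit_writable with root and the directories your startup and scheduler actually use (for example /etc/init.d and /etc/cron.d on many Linux systems); a non-zero exit status makes it usable from a scheduled self-check.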

Windows NT Workstation defaults new disk partitions to full control (which includes write and access control) for the group Everyone, which is the worst possible setting. I've read that this is not true of NT Server, though my recollection is that it is true. Even if NT Server's default directory permissions are not as open as Workstation's, they are far too permissive. The group Everyone automatically includes all users. Everyone should be severely restricted in what it can access. Nothing may be the best setting, or read and execute only on \Winnt\system32 may be appropriate. Creating your own "All Users" or similar group, to which you may add users and from which you may remove any user, will give you much greater control over permissions that are to be granted almost universally.

Since NT normally allows access to subdirectories even when the user does not have access to the parent directories, the root of NT's NTFS partitions should be restricted to System, Administrators and Backup Operators. Permissions on all top-level directories should be re-examined and tightened as much as practical. Newly created directories, which by default inherit settings from their parent directory, should be opened only to the extent necessary for them to fulfill their purpose.

NT's access permissions are much more complex than UNIX's. The graphical tools for controlling NT access permissions are like a sledgehammer, allowing control over only the current directory, or changing everything in all subdirectories if anything is to be changed in all subdirectories. NT administrators must learn to use the command line CACLS, which allows individual permissions to be added or removed in the current directory or subdirectories without changing other settings, if they want secure and usable systems.


Copyright © 2000 - 2014 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth in (or These terms are subject to change. Distribution is subject to the current terms, or at the choice of the distributor, those in an earlier, digitally signed electronic copy of (or cgi-bin/ from the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit written permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior written permission is obtained from George Shaffer. Distribution in accordance with these terms, for unrestricted and uncompensated public access, non profit, or internal company use is allowed.
