S 4.19 Restrictive allocation of attributes for Unix system files and directories

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

The safeguards mentioned here apply to the files and directories the administrator is responsible for, i.e. files and directories that are important to all users or that serve administration purposes. It is not sufficient to check the rights of a program alone; the rights granted to all programs called by this program must also be checked (particularly to avoid Trojan horses).

The attributes of all system files should be set in such a way that only the system administrator is granted access, if possible. Directories should provide no more than the required privileges for users.

The s-bit should only be set if absolutely required. For shell scripts, the s-bit must not be set. The s-bit must only be set by the administrator, and the necessity must be justified and documented.

In directories to which all users must have write rights (e.g. /tmp), the t-bit (sticky bit) should be set.

The integrity of all attributes set for Unix system files and directories should be verified regularly, e.g. using Tripwire (see also S 4.26 Regular security checks of Unix systems).
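
A check for the s-bit and t-bit rules above, as an added example that is not part of the original safeguard and not a substitute for Tripwire. The function name, the finding labels and the documented_sbit allowlist are assumptions made for illustration; the script test treats any file starting with "#!" as a script, which goes beyond shell scripts.

```python
import os
import stat
import sys


def _is_script(path):
    """True if the file starts with an interpreter line (#!)."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False


def audit_attributes(root, documented_sbit=frozenset()):
    """Return sorted (finding, path) tuples for `root` and everything below it.

    documented_sbit: paths whose s-bit is justified and documented
    (hypothetical allowlist kept by the administrator).
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        try:
            mode = os.lstat(path).st_mode  # lstat: never follow symlinks
        except OSError:
            continue  # entry vanished or is inaccessible
        if stat.S_ISDIR(mode):
            # World-writable directory without the t-bit: any user can
            # delete or rename files that belong to other users.
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append(("world-writable-no-t-bit", path))
        elif stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            if _is_script(path):
                findings.append(("s-bit-on-script", path))
            elif path not in documented_sbit:
                findings.append(("undocumented-s-bit", path))
    return sorted(findings)


if __name__ == "__main__":
    for finding, path in audit_attributes(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{finding}\t{path}")
```

Run it as the administrator so that all directories can be read, and pass the documented s-bit programs as the allowlist so that only deviations are reported.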

Review questions: