A.7 Chapter 6: Filesystems and Security

  • Learn about the useful options to your version of the ls command.

  • If your system has access control lists (ACLs), learn how to use them. Remember: do not depend on ACLs to protect files on NFS partitions.

  • Set your umask to an appropriate value (e.g., 027 or 077).

  • Never write SUID/SGID shell scripts.

  • Periodically scan your system for SUID/SGID files.

  • Disable SUID on disk partition mounts (local and remote) unless it is necessary.

  • Determine if write, chmod, chown, and chgrp operations on files clear the SUID/SGID bits on your system. Get in the habit of checking files based on this information.

  • Scan for device files on your system. Check their ownerships and permissions to ensure that they are reasonable.

  • Consider using a cryptographic filesystem for sensitive data.

    Part VI: Appendixes