concept behind in db2 software as root with some files as worldexecutable

  • shiva359@gmail.com

    concept behind in db2 software as root with some files as worldexecutable

    Hi,

    Could someone throw some light on why the default
    software, when installed (as root) for creating an instance,
    leaves us with some world-accessible directories, some
    world-executable files and some world-readable files?

    I am facing this issue of how to explain to the Unix Audit Team
    how db2 is ensuring security even after allowing such
    permissions at the software level. If I give 750 permissions
    to the root-id software account, then my db2 instance link files
    give errors.

    For example:
    /usr/opt/db2_08_01 # ls -lrt
    total 804560
    -rw-r--r-- 1 root system 411811840 May 20 2006 db2tar
    lrwxrwxrwx 1 root system 13 May 20 2006 freeware -> /opt/freeware
    drwxr-xr-x 4 db2inst1 db2grp1 256 May 20 2006 doc
    drwxr-xr-x 5 db2inst1 db2grp1 256 May 20 2006 infopop
    drwxr-xr-x 4 root dasadm1 256 May 20 2006 msg
    drwxr-xr-x 3 root system 256 May 20 2006 lost+found
    drwxr-xr-x 3 db2inst1 db2grp1 256 Jun 10 2006 include64
    drwxr-xr-x 3 bin bin 4096 Jun 10 2006 include
    drwxr-xr-x 3 bin bin 256 Jun 10 2006 tivready
    drwxr-xr-x 54 bin bin 4096 Jun 10 2006 license
    drwxr-xr-x 12 bin bin 4096 Jun 10 2006 das
    drwxr-xr-x 3 root system 4096 Jun 10 2006 dasfcn64
    drwxr-xr-x 3 root system 4096 Jun 10 2006 dasfcn
    drwxr-xr-x 3 db2inst1 db2grp1 256 Jun 10 2006 map
    drwxr-xr-x 4 db2inst1 db2grp1 256 Jun 10 2006 Readme
    drwxr-xr-x 5 bin bin 4096 Jun 10 2006 instance
    drwxr-xr-x 4 root dasadm1 12288 Jun 10 2006 conv
    drwxr-xr-x 4 bin bin 256 Jun 10 2006 security64
    drwxr-xr-x 4 bin bin 256 Jun 10 2006 security
    drwxr-xr-x 3 db2inst1 db2grp1 4096 Jun 10 2006 java
    drwxr-xr-x 4 db2inst1 db2grp1 4096 Jun 10 2006 tools
    drwxr-xr-x 3 db2inst1 db2grp1 256 Jun 10 2006 adsm64
    drwxr-xr-x 3 bin bin 256 Jun 10 2006 adsm
    drwxr-xr-x 3 bin bin 4096 Jun 10 2006 adm64
    drwxr-xr-x 4 bin bin 12288 Jun 10 2006 bin
    drwxr-xr-x 4 db2inst1 db2grp1 12288 Jun 10 2006 bin64
    drwxr-xr-x 4 bin bin 4096 Jun 10 2006 cfg
    drwxr-xr-x 3 db2inst1 db2grp1 8192 Jun 10 2006 bnd
    drwxr-xr-x 4 bin bin 4096 Jun 10 2006 function64
    drwxr-xr-x 4 bin bin 4096 Jun 10 2006 function
    drwxr-xr-x 4 db2inst1 db2grp1 8192 Jun 10 2006 lib
    drwxr-xr-x 13 db2inst1 db2grp1 4096 Jun 10 2006 samples
    drwxr-xr-x 3 db2inst1 db2grp1 4096 Jun 10 2006 misc
    drwxr-sr-x 3 db2inst1 db2grp1 4096 Jun 10 2006 lib64
    drwxr-xr-x 2 bin bin 4096 Jun 10 2006 adm


    /usr/opt/db2_08_01 # ls -la /usr/opt/db2_08_01/instance
    total 1480
    drwxr-xr-x 5 bin bin 4096 Jun 10 2006 .
    drwxr-xr-x 35 bin bin 4096 Aug 12 2006 ..
    drwxr-xr-x 5 bin bin 256 Jun 10 2006 common
    -r-xr-xr-x 1 bin bin 4703 Aug 20 2005 dascrt
    -r-xr-xr-x 1 bin bin 3789 May 20 2006 dasdrop
    -r-xr-xr-x 1 bin bin 2018 May 20 2006 daslist
    -r-xr-xr-x 1 bin bin 38466 Aug 20 2005 dasmigr
    -r-xr-xr-x 1 bin bin 3906 May 20 2006 dasupdt
    -r-xr-xr-x 1 bin bin 21791 Aug 20 2005 dasutil
    lrwxrwxrwx 1 root bin 15 May 20 2006 db2ckmig -> ../bin/db2ckmig
    -r-xr-xr-x 1 root bin 22007 Aug 20 2005 db2clpid
    lrwxrwxrwx 1 root bin 31 May 20 2006 db2iauto -> /usr/opt/db2_08_01/bin/db2iauto
    -r-xr--r-- 1 root bin 23143 Aug 20 2005 db2icfg
    -r-xr-xr-x 1 root bin 22501 Aug 20 2005 db2icknm
    -r-xr--r-- 1 root bin 8783 Aug 20 2005 db2icrt
    -r-xr-xr-x 1 root bin 11519 Aug 20 2005 db2idbm
    -r--r--r-- 1 root bin 19008 Aug 20 2005 db2idefs
    -r-xr--r-- 1 root bin 4695 Aug 20 2005 db2idrop
    -r-xr--r-- 1 root bin 2521 May 20 2006 db2iexec
    -r-xr-xr-x 1 root bin 4588 May 20 2006 db2iinfo
    lrwxrwxrwx 1 root bin 15 May 20 2006 db2ilist -> ../bin/db2ilist
    -r-xr-xr-x 1 root bin 3586 May 20 2006 db2imchk
    -r-xr--r-- 1 root bin 51852 Aug 20 2005 db2imigr
    -r--r--r-- 1 root bin 641 May 20 2006 db2inst.defs
    -r-xr--r-- 1 root bin 25974 Aug 20 2005 db2instcfg
    -r-xr--r-- 1 root bin 23149 Aug 20 2005 db2ipcld
    -r-xr--r-- 1 root bin 145399 Aug 20 2005 db2iset
    -r-xr-xr-x 1 bin bin 6267 Aug 20 2005 db2isetup
    -rw-r--r-- 1 root system 0 Aug 20 2005 db2ishut
    -r-xr-xr-x 1 root bin 39827 Aug 20 2005 db2isrv
    -r-xr-xr-x 1 root bin 18281 Aug 20 2005 db2istop
    -r-xr--r-- 1 root bin 4130 Aug 20 2005 db2istrt
    -r-xr--r-- 1 root bin 17938 Aug 20 2005 db2iuadm
    -r-xr--r-- 1 root bin 7943 Aug 20 2005 db2iupdt
    -r--r--r-- 1 root bin 139684 Aug 20 2005 db2iutil
    -r-xr--r-- 1 root bin 6471 Aug 20 2005 db2uit
    drwxr-sr-x 4 bin bin 4096 Jul 05 2004 instance
    drwxr-xr-x 3 bin bin 256 Oct 29 2002 native



  • Serge Rielau

    #2
    Re: concept behind in db2 software as root with some files as world executable

    Can you be more specific in what the problem is?
    Which files are world accessible which you think should not be?

    Cheers
    Serge

    --
    Serge Rielau
    DB2 Solutions Development
    IBM Toronto Lab


    • Darin McBride

      #3
      Re: concept behind in db2 software as root with some files as world executable

      shiva359@gmail.com wrote:
      could someone throw some light on why do default
      software when installed ( as root for creating an instance
      leaves us with some world accessable directories & some world
      executable files & some world readable files .
      It's largely because, well, DB2 needs to be world readable and world
      executable.

      Anyone on the system should be able to run DB2. Not just members of
      the "bin" group (of which there should be only two: root and bin).

      DB2 can't install using db2grp1 as its group because, well, you don't need
      to use db2grp1 as your sysadm group. (Especially since it is "db2iadm1" by
      default for the first instance.)

      Your Unix Audit Team should likely contact IBM for a detailed explanation,
      but I'm pretty sure IBM has already vetted these permissions fairly
      thoroughly.

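The distinction Darin draws is the one to put in front of an audit team: world-readable and world-executable bits on the install tree are what let any user run the DB2 client, and are not a finding in themselves, whereas world-writable files, setuid/setgid executables and symlinks that lead out of the install tree are. The script below is an added example, not part of the thread and not IBM's tooling: it reads `ls -l` output of the shape pasted in the question and prints only the entries that fall into the second group. The sample listing, the names `example_setuid` and `example_ww`, and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an `ls -l` listing (such as the
# ones pasted above) and report only what a Unix audit team should actually
# worry about. World-readable and world-executable entries are not reported,
# because DB2 relies on them; world-writable entries, setuid/setgid bits and
# symlinks that leave the install tree are. The sample listing and the names
# "example_setuid" / "example_ww" are constructed for this demonstration.

# Return the N-th character of a permission string, e.g. bit "-rwsr-xr-x" 4 -> s
bit() { printf '%s\n' "$1" | cut -c"$2"; }

# audit_ls ROOT : reads `ls -l` lines on stdin, prints "<finding> <name>" lines.
# ROOT is the install directory; absolute symlink targets outside it are flagged.
# Relative targets (../bin/x) cannot be resolved from ls output and are skipped.
audit_ls() {
    root=$1
    while read -r mode links owner group size mon day yr name rest; do
        case "$mode" in
            [-dl]?????????*) ;;   # looks like a permission field
            *) continue ;;        # "total N", blank lines, anything else
        esac
        ftype=$(bit "$mode" 1)
        if [ "$ftype" = l ]; then
            # a symlink's own mode is always lrwxrwxrwx; only the target matters
            target=${rest#"-> "}
            case "$target" in
                "$root"/*) ;;     # stays inside the install tree
                /*) printf 'symlink-outside-tree %s -> %s\n' "$name" "$target" ;;
            esac
            continue
        fi
        # position 9 is the "others" write bit: the real exposure on an install tree
        if [ "$(bit "$mode" 9)" = w ]; then printf 'world-writable %s\n' "$name"; fi
        case "$(bit "$mode" 4)" in s|S) printf 'setuid %s\n' "$name" ;; esac
        case "$(bit "$mode" 7)" in
            s|S)
                # setgid on a directory only makes new files inherit its group;
                # setgid on an executable changes the group it runs as
                if [ "$ftype" = d ]; then printf 'setgid-dir %s\n' "$name"
                else printf 'setgid %s\n' "$name"; fi ;;
        esac
    done
}

# Constructed sample listing in the same shape as the output pasted above.
SAMPLE_LISTING='total 16
drwxr-xr-x 4 bin bin 4096 Jun 10 2006 bin
drwxr-sr-x 3 db2inst1 db2grp1 4096 Jun 10 2006 lib64
-r-xr-xr-x 1 root bin 39827 Aug 20 2005 db2isrv
-rwsr-xr-x 1 root bin 12345 Aug 20 2005 example_setuid
-rw-rw-rw- 1 root system 0 Aug 20 2005 example_ww
lrwxrwxrwx 1 root system 13 May 20 2006 freeware -> /opt/freeware
lrwxrwxrwx 1 root bin 31 May 20 2006 db2iauto -> /usr/opt/db2_08_01/bin/db2iauto'

audit_sample() { printf '%s\n' "$SAMPLE_LISTING" | audit_ls /usr/opt/db2_08_01; }

# On a live system: ls -la /usr/opt/db2_08_01/instance | audit_ls /usr/opt/db2_08_01
audit_sample
```

Run against the listings in the question, the only output would be the two `setgid-dir` lines (`lib64` and `instance`) and the `freeware -> /opt/freeware` symlink, which is the short list worth discussing with the auditors; every `r-x` entry is silent by design.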