[5956] in bugtraq
Re: Correction: CPSN 9:971208: Solaris /var Permission Problems
daemon@ATHENA.MIT.EDU (Tom Perrine)
Tue Jan 13 20:06:34 1998
Date: Tue, 13 Jan 1998 14:48:15 -0800
Reply-To: Tom Perrine <tep@SDSC.EDU>
From: Tom Perrine <tep@SDSC.EDU>
X-To: rmikesel@RMIKESEL.OGDEN.DISA.MIL
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <XFMail.980113125203.rmikesel@rmikesel.ogden.disa.mil> (message
from Randy Mikesell on Tue, 13 Jan 1998 12:43:06 -0700)
>>>>> The moving finger of Randy Mikesell, having written:
Randy> Be careful on what you suggest. The last I heard, even Sun does not
Randy> recommend that you run ASET in high. I know of more than one box that
Randy> was trashed because the SA set ASET to high. It is a long and painfull
Randy> process to restore the system after ASET is finished with it. It may be
Randy> better to keep up on the patches and run scripts or other tools to keep
Randy> track of the permissions.
I highly recommend cfengine (GNU software) to set
owner/group/permissions for such things. We've been using cfengine to
"repair" vendor file permissions for over a year, as well as install
all kinds of extra software, such as Kerberos, SSH, logdaemon,
tcp_wrappers, etc.
A find followed by a cfengine run is a good idea. Letting cfengine
run every morning and at every re-boot is a Great Idea. A
self-healing installation.
--
Tom E. Perrine (tep@SDSC.EDU) | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/ | Voice: +1.619.534.5000
I miss my 36-bit friends: Multics, TOPS-10, and TOPS-20.
