file permissions for AF_UNIX address family sockets

From: Fernando N. de Souza (fnantes@yahoo.com)
Date: Wed Feb 09 2005 - 18:16:18 EST


Scenario:
==========

Sun E3500
Solaris 9 (Generic_112233-12)
Oracle 9i Server (9.2.0.4)

Problem:
========

/var/tmp/.oracle directory contains scores of files of type "AF_UNIX
address family sockets", the permissions are srwxrwxrwx.

From what I understand the files are created by the Oracle Listener
process (tnslsnr) each time it starts and just sit there until they
are deleted.

At the bottom I list the output of lsof and ls -l.

Questions:
==========

Are there any possible security issues related to the fact that the
permission mask is srwxrwxrwx?

Is it possible to force the default permissions to something more
restrictive?

Could we do 'chmod o-w <file>'? Would that break anything?

Thanks.

--
Fernando N. de Souza
SysAdmin/DBA
Fairfax, VA
--
Output of 'lsof | grep "/var/tmp/.oracle"'
==========================================
tnslsnr    8020   oracle   11u  unix        105,19        0t0    192488 /devices/pseudo/tl@0:ticots->/var/tmp/.oracle/s#8020.1 (0x38d01c8cae8) (Vnode=0x30007117618)
tnslsnr    8020   oracle   12u  unix        105,20        0t0    192488 /devices/pseudo/tl@0:ticots->/var/tmp/.oracle/sEXTPROC (0x38feede5cc0) (Vnode=0x3000e02bb68)
Output of 'ls -ltr /var/tmp/.oracle':
=====================================
...
srwxrwxrwx   1 oracle   dba            0 Jul 16  2003 s#27312.1
srwxrwxrwx   1 oracle   dba            0 Jul 16  2003 s#27358.1
srwxrwxrwx   1 oracle   dba            0 Jul 16  2003 s#28000.1
srwxrwxrwx   1 oracle   dba            0 Jul 16  2003 s#28046.1
srwxrwxrwx   1 oracle   dba            0 Jul 16  2003 s#29847.1
srwxrwxrwx   1 oracle   dba            0 Mar 12  2004 s#12095.1
srwxrwxrwx   1 oracle   dba            0 Mar 12  2004 s#12925.1
srwxrwxrwx   1 oracle   dba            0 Mar 18  2004 s#13715.1
srwxrwxrwx   1 oracle   dba            0 Nov 12 14:46 sEXTPROC
srwxrwxrwx   1 oracle   dba            0 Nov 12 14:46 s#8020.1
=====
Fernando Nantes de Souza
fnantes@yahoo.com
http://fnantes.icestorm.com
-.-- --- ..-   .- .-. .   .-   --. . . -.-
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
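
An added example, not part of the original post: a report-only Python audit of the kind of directory described above. It lists the socket files, shows the permission string as ls -l would, and flags entries writable by others or older than a cut-off. The function names and the 30-day threshold are assumptions, and it changes nothing on disk.

```python
"""Report-only audit of UNIX-domain socket files in a directory (added example)."""
import os
import stat
import time


def audit_sockets(directory, stale_days=30, now=None):
    """Return one dict per socket file found directly in `directory`.

    stale_days is an assumed threshold, not a value from the post.
    """
    now = time.time() if now is None else now
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)  # lstat: never follow a symlink planted in a shared dir
        if not stat.S_ISSOCK(st.st_mode):
            continue  # regular files, directories, etc. are out of scope
        findings.append({
            "name": name,
            "mode": stat.filemode(st.st_mode),  # e.g. 'srwxrwxrwx'
            "uid": st.st_uid,
            "other_writable": bool(st.st_mode & stat.S_IWOTH),
            "age_days": int((now - st.st_mtime) // 86400),
            "stale": (now - st.st_mtime) > stale_days * 86400,
        })
    return findings


def directory_flags(directory):
    """Flag the parent directory: world-writable without the sticky bit
    lets any local user remove or replace the entries inside it."""
    st = os.lstat(directory)
    return {"other_writable": bool(st.st_mode & stat.S_IWOTH),
            "sticky": bool(st.st_mode & stat.S_ISVTX)}


if __name__ == "__main__":
    import sys
    # Default path is the directory named in the post; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/tmp/.oracle"
    print(target, directory_flags(target))
    for f in audit_sockets(target):
        tags = ",".join(t for t in ("other_writable", "stale") if f[t])
        print(f"{f['mode']} uid={f['uid']} age={f['age_days']}d {f['name']} {tags}")
```

Cross-check any entry reported as stale against lsof output before treating it as a leftover, since a socket still held open by a running tnslsnr is in use regardless of its age.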

