Patch-ID# 100103-12 Keywords: security, secure.sh, client, diskless, file, permissions Synopsis: SunOS 4.1.3;4.1.3_U1: set file permissions to more secure mode Date: Jun/29/93 Solaris Release: 1.0 1.0.1 1.1 1.1C 1.1.1A SunOS Release: 4.1 4.1.1 4.1.2 4.1.3 4.1.3C 4.1.3_U1A Unbundled Product: Unbundled Release: BugId's fixed with this patch: 1046817 1047044 1048142 1054480 1037153 1039292 1042662 1106373 Changes incorporated in this version: 1106373 Relevant Architectures: sparc NOTE: sun3, sun3x, sun4, sun4c, sun4m Obsoleted by: NOTE:4.1.4 The version of the 4.1secure.sh script delivered with this patch will run on server, standalone, dataless & diskless systems. On server systems, the script will fix the attributes of files for the server and for all currently installed clients. On dataless and diskless client systems, the script will fix the attributes only of files in the / (root) filesystem, as the /usr filesystem will be read-only. You must run this script on the server system as well in order maintain the full benefits of this patch. It is recommended that you execute the script only once on the server system, which will fix the attributes for all currently installed client systems, then run the script on each newly installed client that you install after this script has been run on the server. WARNING You must run the script whenever you install a new client on a server in order to maintain the benefits of this patch. You can run it on the server system, but it is better to run it on the client. Problem Description: File permissions on numerous files were set incorrectly in the build tape of 4.1.x FCS. This script changes them back to what they should be. New for version -11: Upgrade of patch for SunOS 4.1.2/4.1.3 and permission changes for /var/yp/`domainname`/mail.aliases.dir and /var/yp/`domainname`/mail.aliases.pag. New for version -12: The script now works properly if dataless and/or diskless clients are installed. INSTALL: MUST be run as root. # chmod 710 4.1secure.sh (restrict execution to root) # sh 4.1secure.sh (run the script)