World Writeable Permissions Question

[dxfuentes]

I would like to understand why the following file and directory are World Writeable, and if it is possible to remove the World Writeable permission, or in the case of the directory at least setting a sticky bit for it, without breaking any usage related to either:

/usr/local/nagiosxi/var/NXTI_Write_Test
/usr/local/nagiosxi/html/includes/components/autodiscovery/jobs

[jsimon]

Hi @dxfuentes,

I don't have an insight into the history of the permissions of these files, but looking into their useage you should be fine to remove world permissions from them. I've included a link to our guidance on security hardening, in case you find that helpful at all.

https://answerhub.nagios.com/support/s/ ... stribution

[cnorell]

dxfuentes,

While the vast majority of the XI interface won't be affected by changing permissions of the mentioned resources - and you can absolutely do so - it is possible that the SNMP Trap Interface and the Autodiscovery component won't work quite right.

Best Regards,

Cory Norell

[dxfuentes]

dxfuentes,

While the vast majority of the XI interface won't be affected by changing permissions of the mentioned resources - and you can absolutely do so - it is possible that the SNMP Trap Interface and the Autodiscovery component won't work quite right.

Best Regards,

Cory Norell

Are you able to provide more detail as to what processes or user(s) would be writing to the file and directory that are not the nagios user (since owner/group are nagios). Seems concerning that these two allow World Writeable without actual justification. At a minimum, the directory should be set with a sticky bit.