Page 1 of 1
World Writeable Permissions Question
Posted: Mon Dec 09, 2024 10:27 am
by dxfuentes
I would like to understand why the following file and directory are World Writeable, and if it is possible to remove the World Writeable permission, or in the case of the directory at least setting a sticky bit for it, without breaking any usage related to either:
/usr/local/nagiosxi/var/NXTI_Write_Test
/usr/local/nagiosxi/html/includes/components/autodiscovery/jobs
Re: World Writeable Permissions Question
Posted: Mon Dec 09, 2024 11:12 am
by jsimon
Hi @dxfuentes,
I don't have an insight into the history of the permissions of these files, but looking into their useage you should be fine to remove world permissions from them. I've included a link to our guidance on security hardening, in case you find that helpful at all.
https://answerhub.nagios.com/support/s/ ... stribution
Re: World Writeable Permissions Question
Posted: Thu Dec 12, 2024 10:52 am
by cnorell
dxfuentes,
While the vast majority of the XI interface won't be affected by changing permissions of the mentioned resources - and you can absolutely do so - it is possible that the SNMP Trap Interface and the Autodiscovery component won't work quite right.
Best Regards,
Cory Norell
Re: World Writeable Permissions Question
Posted: Thu Dec 12, 2024 11:03 am
by dxfuentes
cnorell wrote: ↑Thu Dec 12, 2024 10:52 am
dxfuentes,
While the vast majority of the XI interface won't be affected by changing permissions of the mentioned resources - and you can absolutely do so - it is possible that the SNMP Trap Interface and the Autodiscovery component won't work quite right.
Best Regards,
Cory Norell
Are you able to provide more detail as to what processes or user(s) would be writing to the file and directory that are not the nagios user (since owner/group are nagios). Seems concerning that these two allow World Writeable without actual justification. At a minimum, the directory should be set with a sticky bit.