Do Not Allow World-writable Files
"World-writable" means that any user can write to the file, which is rarely necessary under normal circumstances. If a file is improperly configured with world-writable permissions, it can be easily tampered with by attackers, introducing security risks. If a file genuinely requires world-writable permissions, you must conduct a scenario-specific risk assessment to ensure that attackers cannot exploit the file to launch attacks.
The /sys and /proc directories contain numerous world-writable files generated during Linux runtime. These directories must be excluded during inspection to avoid false positives.
- Run the following command to search for world-writable files under the root directory (excluding the /sys and /proc directories):
find / -path /proc -prune -o -path /sys -prune -o -type f -perm -0002 -exec ls -lg {} \;The following is an example. If the command returns no output, no world-writable files exist.
-rwxrwxrwx. 1 root 0 Dec 1 17:34 /root/test
Alternatively, use the -xdev option to restrict the search to the filesystem of the current partition, skipping other mounted partitions.
find / -xdev -type f -perm -0002 -exec ls -lg {} \;The following is an example.
-rwxrwxrwx. 1 root 0 Dec 1 17:34 /root/test
- For improper permissions, run the chmod command to remove the world-write permission. The following uses the test permission as an example. You can verify the changes afterward by running the ll command
chmod 755 test ll test
The following information is displayed.
-rwxr-xr-x. 1 root root 0 Dec 1 17:34 test