5
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .font-unix
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .ICE-unix
-rw-------  1 root     root        0 Aug 20  2015 ipt.err
-rw-------  1 root     root       90 Aug 20  2015 ipt.out
drwxr-xr-x  3 root     root     4096 Mar 28 16:23 npm-23008-fc1739e3
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .Test-unix
drwx------  2 root     root     4096 May 11 03:00 tmp.ayv48eJWjN
drwx------  2 root     root     4096 Apr  5 14:55 tmp.DhPr9EXfH5
drwx------  2 root     root     4096 Apr  5 15:11 tmp.DVHx8GHsP4
drwx------  2 root     root     4096 Apr  5 14:45 tmp.FDa39cA3ft
drwx------  2 root     root     4096 May  4 03:00 tmp.fvjOmYe2WQ
drwx------  2 root     root     4096 May 25 03:00 tmp.GEHVHEq0Vf
drwx------  2 john     john     4096 May 12 07:06 tmp.hpMfMe2Dlw
drwx------  2 root     root     4096 Apr  5 12:57 tmp.M543QjpOej
drwx------  2 root     root     4096 Apr 20 03:00 tmp.oruELImlbd
drwx------  2 root     root     4096 Feb 12 22:28 tmp.OV7qrrSCbt
drwx------  2 root     root     4096 Apr 13 03:00 tmp.oyJKXfMa52
drwx------  2 john     john     4096 May 12 07:10 tmp.qqHnbm5bEN
drwx------  2 root     root     4096 Feb 12 22:46 tmp.RRRN63RvPS
drwx------  2 root     root     4096 Feb 12 22:28 tmp.tDLx4KXKjY
drwx------  2 root     root     4096 Apr 27 03:00 tmp.Yp1DDIZUXI
drwxr-xr-x  3 www-data www-data 4096 Mar 28 16:25 www-data
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .X11-unix
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .XIM-unix

After running Lynis test on a server I noticed it was suggesting to remove old files in the temp folder.

When I went to examine the contents, I noticed that some of the directories in the tmp folder has 777 permissions on them!

drwxrwxrwt  2 root     root     4096 Aug 20  2015 .font-unix
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .ICE-unix
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .Test-unix
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .X11-unix
drwxrwxrwt  2 root     root     4096 Aug 20  2015 .XIM-unix

I don't know too much about these. Are they safe?

user
  • 4,267
  • 4
  • 32
  • 70
John
  • 877
  • 4
  • 15
  • 25

1 Answers1

10

drwxrwxrwt (or 1777 rather than 777) are the normal permissions for /tmp/ and not harmful for subdirectories in /tmp/.

The leading d in the permissions drwxrwxrwt indicates a a directory and the trailing t indicates that the sticky bit has been set on that directory.

When the sticky bit is set on a directory, files in that directory may only be unlinked or renamed by root or the directory owner (those are one and the same in your example) or the file owner and not by other users who also can create files and subdirectories in that directory.

So yes, those permissions are probably by design and safe for a directory that is designated a shared resource.

HBruijn
  • 72,524
  • 21
  • 127
  • 192