> Hi All!
>
> I reported this bug to Sun approx. 3 weeks ago. Haven't gotten a
> response yet so I'm going ahead and releasing it.
>
> Problem:
>
> I've noticed that the XNTP daemon on Solaris 2.6 and 7 creates
> its drift file (default=/etc/inet/ntp.drift) world-writable (666).
> Even changing the permissions to something sane the permissions
> eventually get set back to 666 (not sure if this is at daemon restart,
> update of the drift file or both).

There's not a whole lot you can do with this hole, though. xntp will
use it as a hint on how good the local clock is but will put only limited
trust in it. (You could copy a big file there, but again, that file
disappears).

A standard default umask of 022 for all programs or xntpd would fix this.
In the next release, the default umask will likely be 022.

What also helps is:

    setfacl -m d:u::7,d:m:5,d:g::5,d:o:5 /etc/inet

Which forces all files created in the directory to have mode 644 or 755.

The Solaris FAQ says:

3.50) How can I prevent daemons from creating mode 666 files?

    By default, all daemons inherit the umask 0 from init.
    This is most problematic for a service like ftp, which in a
    standard configuration leaves all uploaded files with mode 666.

    To get daemons to use another umask execute the following
    commands in /bin/sh and reboot:

        umask 022  # make sure umask.sh gets created with the proper mode
        echo "umask 022" > /etc/init.d/umask.sh
        for d in /etc/rc?.d
        do
            ln /etc/init.d/umask.sh $d/S00umask.sh
        done

    Note: the trailing ".sh" of the scriptname is important, if
    you don't specify it, the script will be executed in a
    sub-shell, not in the main shell that executes all other scripts.

    In Solaris 2.6 and later, in.ftpd(1M) allows setting its umask
    in /etc/default/ftpd.

--- end of excerpt from the FAQ

Questions marked with a * or + have been changed or added since
the FAQ was last posted
The most recently posted version of the FAQ is available from
<http://www.wins.uva.nl/pub/solaris/solaris2/>
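
Added example (not part of the original message or the FAQ): the effect described above, reproduced in /bin/sh. A file created with a requested mode of 666 under the inherited umask 0 ends up world-writable, the same file created under umask 022 comes out 644, and a find over the directory flags the former. The function names, file names and temporary directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Illustration only: how the inherited umask decides the mode of a file that
# a process creates with a requested mode of 0666, and how to audit for it.

# mode_string FILE -> prints the ten-character mode field, e.g. -rw-r--r--
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# create_with_umask MASK FILE -> creates FILE from a subshell running under
# MASK, the way a daemon started from an rc script inherits its parent's umask.
# A shell redirection requests mode 0666; the umask removes bits from that.
create_with_umask() {
    ( umask "$1" && : > "$2" )
}

# world_writable DIR -> lists regular files under DIR writable by "other"
world_writable() {
    find "$1" -type f -perm -0002 -print
}

demo() {
    dir=$(mktemp -d) || return 1          # constructed scratch directory
    create_with_umask 0   "$dir/drift.umask0"
    create_with_umask 022 "$dir/drift.umask022"

    echo "created under umask 0:   $(mode_string "$dir/drift.umask0")"
    echo "created under umask 022: $(mode_string "$dir/drift.umask022")"

    echo "world-writable files found by the audit:"
    world_writable "$dir"

    rm -rf "$dir"
}

demo
```

Pointing world_writable at a directory such as /etc/inet gives a quick check of whether the umask change has taken effect for files created after the reboot.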